CVE-2011-10035

Nagios XI versions prior to2011R1.9contain privilege escalation vulnerabilities in the scripts that install or update system crontab entries. Due to time-of-check/time-of-userace conditions and missing synchronization or final-path validation, a local low-privileged user could manipulate filesystem state during crontab installation to influence the files or commands executed with elevated privileges, resulting in execution with higher privileges.
TOCTOU
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
nagiosnagios_xi
𝑥
≤ 2009
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.nagios.com/changelog/nagios-xi/
https://www.vulncheck.com/advisories/nagios-xi-race-conditions-in-crontab-install-script-lpe