CVE-2020-15903

EUVD-2020-7876
An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
nagiosnagios_xi
𝑥
< 5.7.3
𝑥
= Vulnerable software versions
References
https://www.nagios.com/downloads/nagios-xi/change-log/
https://www.nagios.com/downloads/nagios-xi/change-log/