CVE-2024-43199 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CISA-ADP	ADP	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 30%

Vendor	Product	Version
nagios	ndoutils	𝑥 < 2.1.4

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

ndoutils

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	dne
xenial	needs-triage

Common Weakness Enumeration

CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://github.com/NagiosEnterprises/ndoutils/commit/18ef12037f4a68772d6840cbaa08aa2da07d2891

https://github.com/NagiosEnterprises/ndoutils/compare/ndoutils-2.1.3...ndoutils-2.1.4

https://github.com/NagiosEnterprises/ndoutils/pull/65

http://www.openwall.com/lists/oss-security/2024/08/14/8