Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2020-28900

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.

  • Published: May 24, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-28900
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 10
  • AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
nagios / fusion - 4.1.8.x
nagios / nagios_xi - 5.7.5.x