ГлавнаяУязвимости → CVE-2013-10073
8.8высокая

CVE-2013-10073

→ есть в БДУ: BDU:2025-14473 (на русском)
Описание (на английском; русское — в БДУ выше)

Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary commands with the privileges of the application service.

Затрагиваемое ПО
Nagios Nagios xi
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.nagios.com/changelog/nagios-xi/https://www.vulncheck.com/advisories/nagios-xi-auto-discovery-shell-command-injection