ГлавнаяУязвимости → CVE-2020-36867
8.8высокая

CVE-2020-36867

Описание

Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped, allowing an authenticated attacker who can trigger PDF exports to inject shell metacharacters or arguments.

Затрагиваемое ПО
Nagios Nagios xi
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.nagios.com/changelog/nagios-xi/https://www.vulncheck.com/advisories/nagios-xi-command-injection-in-report-pdf-download