Fusion Nagios Fusion

Do you want an email whenever new security vulnerabilities are reported in Nagios Fusion?

By the Year

In 2024 there have been 0 vulnerabilities in Nagios Fusion . Fusion did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 11 8.89
2020 0 0.00
2019 0 0.00
2018 1 6.10

It may take a day or so for new Fusion vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Nagios Fusion Security Vulnerabilities

Incorrect Access Control in Nagios Fusion 4.1.8 and earlier

CVE-2020-28911 6.5 - Medium - May 24, 2021

Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.

Insecure Storage of Sensitive Information

Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts

CVE-2020-28909 8.8 - High - May 24, 2021

Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo.

Incorrect Permission Assignment for Critical Resource

Command Injection in Nagios Fusion 4.1.8 and earlier

CVE-2020-28908 9.8 - Critical - May 24, 2021

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.

Command Injection

Command Injection in Nagios Fusion 4.1.8 and earlier

CVE-2020-28901 9.8 - Critical - May 24, 2021

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.

Command Injection

Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier

CVE-2020-28907 9.8 - Critical - May 24, 2021

Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.

Improper Certificate Validation

Improper Input Validation in Nagios Fusion 4.1.8 and earlier

CVE-2020-28905 8.8 - High - May 24, 2021

Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination.

Code Injection

Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier

CVE-2020-28904 9.8 - Critical - May 24, 2021

Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code.

Improper Privilege Management

Improper input validation in Nagios Fusion 4.1.8 and earlier

CVE-2020-28903 6.1 - Medium - May 24, 2021

Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS.

XSS

Command Injection in Nagios Fusion 4.1.8 and earlier

CVE-2020-28902 9.8 - Critical - May 24, 2021

Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.

Command Injection

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier

CVE-2020-28900 9.8 - Critical - May 24, 2021

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.

Insufficient Verification of Data Authenticity

Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root

CVE-2020-28906 8.8 - High - May 24, 2021

Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.

Incorrect Default Permissions

Nagios Fusion before 4.1.4 has XSS

CVE-2018-12501 6.1 - Medium - June 16, 2018

Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Nagios Fusion or by Nagios? Click the Watch button to subscribe.

Nagios
Vendor

Nagios Fusion
Product

subscribe