Nagios Fusion
By the Year
In 2023 there have been 0 vulnerabilities in Nagios Fusion . Fusion did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 11 | 8.89 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 6.10 |
It may take a day or so for new Fusion vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Nagios Fusion Security Vulnerabilities
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier
CVE-2020-28911
6.5 - Medium
- May 24, 2021
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.
Insecure Storage of Sensitive Information
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts
CVE-2020-28909
8.8 - High
- May 24, 2021
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo.
Incorrect Permission Assignment for Critical Resource
Command Injection in Nagios Fusion 4.1.8 and earlier
CVE-2020-28908
9.8 - Critical
- May 24, 2021
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
Command Injection
Command Injection in Nagios Fusion 4.1.8 and earlier
CVE-2020-28901
9.8 - Critical
- May 24, 2021
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.
Command Injection
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier
CVE-2020-28907
9.8 - Critical
- May 24, 2021
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
Improper Certificate Validation
Improper Input Validation in Nagios Fusion 4.1.8 and earlier
CVE-2020-28905
8.8 - High
- May 24, 2021
Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination.
Code Injection
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier
CVE-2020-28904
9.8 - Critical
- May 24, 2021
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code.
Improper Privilege Management
Improper input validation in Nagios Fusion 4.1.8 and earlier
CVE-2020-28903
6.1 - Medium
- May 24, 2021
Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS.
XSS
Command Injection in Nagios Fusion 4.1.8 and earlier
CVE-2020-28902
9.8 - Critical
- May 24, 2021
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.
Command Injection
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier
CVE-2020-28900
9.8 - Critical
- May 24, 2021
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
Insufficient Verification of Data Authenticity
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root
CVE-2020-28906
8.8 - High
- May 24, 2021
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.
Incorrect Default Permissions
Nagios Fusion before 4.1.4 has XSS
CVE-2018-12501
6.1 - Medium
- June 16, 2018
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Nagios Fusion or by Nagios? Click the Watch button to subscribe.
