Nagios Remote Plug In Executor
By the Year
In 2020 there have been 2 vulnerabilities in Nagios Remote Plug In Executor with an average score of 7.4 out of ten. Last year Remote Plug In Executor had 0 security vulnerabilities published. That is, 2 more vulnerabilities have already been reported in 2020 as compared to last year.
It may take a day or so for new Remote Plug In Executor vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Nagios Remote Plug In Executor Security Vulnerabilities
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow
7.5 - High
- March 16, 2020
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.
CVE-2020-6582 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Nagios NRPE 3.2.1 has Insufficient Filtering
7.3 - High
- March 16, 2020
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.
CVE-2020-6581 can be explotited with local system access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.3 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.