CVE-2020-22427
HIGHNagios XI 5.6.11 - Authenticated Remote Code Execution
Title source: llmDescription
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://code610.blogspot.com/2020/03/postauth-rce-bugs-in-nagiosxi-5611.html
Scores
CVSS v3
7.2
EPSS
0.1018
EPSS Percentile
93.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
nagios/nagios_xi
5.6.11
Published
Feb 15, 2021
Tracked Since
Feb 18, 2026