CVE-2020-28910

CRITICAL

Nagios XI < 5.7.5 - Incorrect Permission Assignment

Title source: rule

Description

Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.

References (3)

Core 3

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://www.nagios.com/downloads/nagios-xi/change-log/

Exploit, Third Party Advisory x_refsource_misc

https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html

Scores

CVSS v3 9.8

EPSS 0.0052

EPSS Percentile 66.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (1)

nagios/nagios_xi < 5.7.5

Published May 24, 2021

Tracked Since Feb 18, 2026