CVE-2020-6581

high

Description

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.

References

Advisories
More

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/

https://herolab.usd.de/security-advisories/

https://herolab.usd.de/security-advisories/usd-2020-0002/

Details

Source: Mitre, NVD

Published: 2020-03-16

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 3.7

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P

Severity: Low

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00249

Detections

Analytics