CVE-2024-58273
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user (or the backend shell user) to escalate to root on the host.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Nagios | Log Server | 0 < 2024R1.0.2 | affected |
Weaknesses
- CWE-266: CWE-266 Incorrect Privilege Assignment
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.nagios.com/products/security/#log-server
- https://www.nagios.com/changelog/#log-server-2024R1
- https://www.vulncheck.com/advisories/nagios-log-server-lpe-from-apache-backend-shell-user-to-root
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.