UCSIRC has released high security announcement on Multiple Critical vulnerabilities in Nagios products. This security announcement is to protect against remote attackers using the vulnerabilities to take control of an affected system.

For a complete description of the vulnerabilities and effected systems, visit:

• CVE-2020-28900 - Nagios XI 5.7.5 Insufficient Verification of Data Authenticity Vulnerability
• CVE-2020-28901 - Nagios Fusion 4.1.8 Command Injection Vulnerability
• CVE-2020-28902 - Nagios Fusion 4.1.8 Command Injection Vulnerability
• CVE-2020-28907 - Nagios Fusion 4.1.8 Improper Certificate Validation Vulnerability
• CVE-2020-28910 - Nagios XI 5.7.3 Incorrect Default Permissions Vulnerability

IT Security

Read more about IT Security service offerings.