CVE-2013-1362

EPSS 76.44%
Veröffentlicht 09.07.2013 17:55:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensuse ≫ Opensuse Version11.4

Opensuse ≫ Opensuse Version12.1

Opensuse ≫ Opensuse Version12.2

Nagios ≫ Remote Plug In Executor Version <= 2.13

Nagios ≫ Remote Plug In Executor Version1.3

Nagios ≫ Remote Plug In Executor Version1.4

Nagios ≫ Remote Plug In Executor Version1.5

Nagios ≫ Remote Plug In Executor Version1.6

Nagios ≫ Remote Plug In Executor Version1.7

Nagios ≫ Remote Plug In Executor Version1.8

Nagios ≫ Remote Plug In Executor Version1.9

Nagios ≫ Remote Plug In Executor Version2.0

Nagios ≫ Remote Plug In Executor Version2.0b1

Nagios ≫ Remote Plug In Executor Version2.0b2

Nagios ≫ Remote Plug In Executor Version2.0b3

Nagios ≫ Remote Plug In Executor Version2.0b4

Nagios ≫ Remote Plug In Executor Version2.0b5

Nagios ≫ Remote Plug In Executor Version2.3

Nagios ≫ Remote Plug In Executor Version2.4

Nagios ≫ Remote Plug In Executor Version2.5

Nagios ≫ Remote Plug In Executor Version2.5.1

Nagios ≫ Remote Plug In Executor Version2.5.2

Nagios ≫ Remote Plug In Executor Version2.6

Nagios ≫ Remote Plug In Executor Version2.7

Nagios ≫ Remote Plug In Executor Version2.7.1

Nagios ≫ Remote Plug In Executor Version2.8

Nagios ≫ Remote Plug In Executor Version2.8.1

Nagios ≫ Remote Plug In Executor Version2.8b1

Nagios ≫ Remote Plug In Executor Version2.9

Nagios ≫ Remote Plug In Executor Version2.10

Nagios ≫ Remote Plug In Executor Version2.11

Nagios ≫ Remote Plug In Executor Version2.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	76.44%	0.988

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00006.html

http://seclists.org/bugtraq/2013/Feb/119

http://www.exploit-db.com/exploits/24955

http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability

https://bugzilla.novell.com/show_bug.cgi?id=807241

https://nvd.nist.gov/vuln/detail/CVE-2013-1362

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-1362

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-1362

EUVD