CVE-2020-36867
HIGH 8.8
Description
Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped, allowing an authenticated attacker who can trigger PDF exports to inject shell metacharacters or arguments.
CVE Details
CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 10/30/2025
Last modified: 11/5/2025
Source: nvd
Honeypot sightings: 0
Affected products
nagios:nagios_xi
Weaknesses (CWE)
CWE-78
References
https://www.nagios.com/changelog/nagios-xi/ (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/nagios-xi-command-injection-in-report-pdf-download (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.