← Back

CVE-2011-10035

nvd nist
Published: Oct 30, 2025Modified: Nov 6, 2025

JSON object

Loading...
7.3
Vector
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

Nagios XI versions prior to 2011R1.9 contain privilege escalation vulnerabilities in the scripts that install or update system crontab entries. Due to time-of-check/time-of-use race conditions and missing synchronization or final-path validation, a local low-privileged user could manipulate filesystem state during crontab installation to influence the files or commands executed with elevated privileges, resulting in execution with higher privileges.

Affected (10)

Products: Nagios: Nagios Xi
Nagios
1 product
Nagios Xi
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Nagios
Nagios Xi
Up to 2009
Nagios Xi
Version 2011 r1.1
Nagios Xi
Version 2011 r1.2
Nagios Xi
Version 2011 r1.3
Nagios Xi
Version 2011 r1.4
Nagios Xi
Version 2011 r1.5
Nagios Xi
Version 2011 r1.6
Nagios Xi
Version 2011 r1.7
Nagios Xi
Version 2011 r1.8
Nagios Xi
Version 2011 r1

Related CWEs

CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

References (2)

Source: disclosure@vulncheck.com
Release Notes
Source: disclosure@vulncheck.com
Third Party Advisory

Timeline

No history available yet.