CVE-2014-4702

Published: Dec 5, 2014Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.

Affected (1)

Products: Nagios: Nagios

Nagios

1 product

Nagios

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nagios Nagios	Up to 2.0.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/58751

Source: cve@mitre.org

http://secunia.com/advisories/61319

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/06/30/6

Source: cve@mitre.org

http://www.securityfocus.com/bid/68293

Source: cve@mitre.org

https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html

Source: cve@mitre.org

http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins