CVE-2024-43199

Published: Aug 7, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user.

Affected (1)

Products: Nagios: Ndoutils

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nagios Ndoutils	Before 2.1.4

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://github.com/NagiosEnterprises/ndoutils/commit/18ef12037f4a68772d6840cbaa08aa2da07d2891

Source: cve@mitre.org

Patch

https://github.com/NagiosEnterprises/ndoutils/compare/ndoutils-2.1.3...ndoutils-2.1.4

Source: cve@mitre.org

Release Notes

https://github.com/NagiosEnterprises/ndoutils/pull/65

Source: cve@mitre.org

Issue TrackingPatch

http://www.openwall.com/lists/oss-security/2024/08/14/8

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.