CVE-2013-1362
Nagios Remote Plugin Executor - Arbitrary Command Execution
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
Vulenrabilidad de lista negra incompleta en nrpc.c en Nagios Remote Plug-In Executor (NRPE) anteriroes a v2.14 podría permitir a atacantes remotos ejecutar comandos del sistema a través de los metacaracteres "$()" , que son procesados por bash.
The Nagios Remote Plugin Executor (NRPE) is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option dont_blame_nrpe which enables command-line arguments to be provided remote plugins. When this option is enabled, even when NRPE makes an effort to sanitize arguments to prevent command execution, it is possible to execute arbitrary commands.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-01-14 CVE Reserved
- 2013-02-22 CVE Published
- 2013-04-12 First Exploit
- 2024-08-06 CVE Updated
- 2024-10-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/bugtraq/2013/Feb/119 | Mailing List |
|
| http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability | X_refsource_misc | |
| https://bugzilla.novell.com/show_bug.cgi?id=807241 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/24955 | 2013-04-12 | |
| http://www.exploit-db.com/exploits/24955 | 2024-08-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.4 Search vendor "Opensuse" for product "Opensuse" and version "11.4" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 12.1 Search vendor "Opensuse" for product "Opensuse" and version "12.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 12.2 Search vendor "Opensuse" for product "Opensuse" and version "12.2" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | <= 2.13 Search vendor "Nagios" for product "Remote Plug In Executor" and version " <= 2.13" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 1.3 Search vendor "Nagios" for product "Remote Plug In Executor" and version "1.3" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 1.4 Search vendor "Nagios" for product "Remote Plug In Executor" and version "1.4" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 1.5 Search vendor "Nagios" for product "Remote Plug In Executor" and version "1.5" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 1.6 Search vendor "Nagios" for product "Remote Plug In Executor" and version "1.6" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 1.7 Search vendor "Nagios" for product "Remote Plug In Executor" and version "1.7" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 1.8 Search vendor "Nagios" for product "Remote Plug In Executor" and version "1.8" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 1.9 Search vendor "Nagios" for product "Remote Plug In Executor" and version "1.9" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.0 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.0" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.0b1 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.0b1" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.0b2 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.0b2" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.0b3 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.0b3" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.0b4 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.0b4" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.0b5 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.0b5" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.3 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.3" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.4 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.4" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.5 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.5" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.5.1 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.5.1" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.5.2 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.5.2" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.6 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.6" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.7 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.7" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.7.1 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.7.1" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.8 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.8" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.8.1 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.8.1" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.8b1 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.8b1" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.9 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.9" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.10 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.10" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.11 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.11" | - |
Affected
| ||||||
| Nagios Search vendor "Nagios" | Remote Plug In Executor Search vendor "Nagios" for product "Remote Plug In Executor" | 2.12 Search vendor "Nagios" for product "Remote Plug In Executor" and version "2.12" | - |
Affected
| ||||||