7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.97 High
EPSS
Percentile
99.7%
Secunia reports:
A vulnerability has been reported in Nagios, which can be
exploited by malicious users to potentially compromise a
vulnerable system.
Input passed to the “ping” parameter in statuswml.cgi is not
properly sanitised before being used to invoke the ping command.
This can be exploited to inject and execute arbitrary shell
commands.
Successful exploitation requires access to the ping feature
of the WAP interface.