check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with ${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 09 Oct 2024 22:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Nagios; Nagios plugins |
| Weaknesses | | CWE-77 |
| CPEs | | cpe:2.3:a:nagios:plugins:*:*:*:*:*:*:*:* |
| Vendors & Products | | Nagios; Nagios plugins |
| Metrics | | cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Wed, 09 Oct 2024 05:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with ${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-10-09T21:30:44.545Z

Reserved: 2023-06-28T00:00:00

Link: CVE-2023-37154

Vulnrichment

Updated: 2024-10-09T21:24:49.763Z

NVD

Status: Awaiting Analysis

Published: 2024-10-09T06:15:12.943

Modified: 2024-10-10T12:51:56.987

Link: CVE-2023-37154

Redhat

No data.

OpenCVE Enrichment

No data.