What is CVE-2020-35578?

CVE-2020-35578 is a vulnerability in N/a. Published 2021-01-13.

Is CVE-2020-35578 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-35578

An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.

EPSS: 0.852 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
rapid7/metasploit-framework
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
Mr-Tree-S/POC_

References

www.nagios.com/downloads/nagios-xi/change-log/ (x_refsource_MISC)
www.nagios.com/products/security/ (x_refsource_CONFIRM)
packetstormsecurity.com/files/160948/Nagios-XI-5.7.x-Remote-Code-Execution.html (x_refsource_MISC)
packetstormsecurity.com/files/162207/Nagios-XI-Remote-Code-Execution.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-35578?: CVE-2020-35578 is a vulnerability in N/a. Published 2021-01-13.
Is CVE-2020-35578 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.