Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2017-14312

Published: 11/09/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Nagios Core

Vulnerability Summary

Nagios Core up to and including 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

nagios nagios core

Vendor Advisories

Red Hat: CVE-2017-14312
Nagios Core through 434 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagioscfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account ...

References

CWE-269https://github.com/NagiosEnterprises/nagioscore/issues/424http://www.securityfocus.com/bid/100881https://security.gentoo.org/glsa/201812-03https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2017-14312
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook