Vulnerability DatabaseCVE-2020-6584

CVE-2020-6584:
Nagios vulnerability analysis and mitigation

Overview

CVE-2020-6584 affects Nagios Log Server version 2.1.3, identified as an Incorrect Access Control vulnerability. The vulnerability was discovered and disclosed on March 16, 2020. This security issue impacts the authentication mechanism of Nagios Log Server, allowing potential session token theft (Medium Blog).

Technical details

The vulnerability allows an attacker to steal csrf_ls and PHPSESSID tokens of an administrator account through a privilege escalation vulnerability. Specifically, users with limited access can store queries accessible to all users, which can be leveraged to escalate privileges. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).

Impact

The vulnerability enables attackers to perform unauthorized administrative actions by stealing and reusing valid session tokens. This could lead to complete compromise of the logging system's configuration and data access (Medium Blog).

Mitigation and workarounds

The vulnerability was addressed in subsequent releases of Nagios Log Server. Users should upgrade to a version newer than 2.1.3. The fix was documented in the official changelog (Release Notes).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

6.5

Score

Published March 16, 2020

Severity MEDIUM

CNA Score N/A

Affected Technologies

Nagios

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 64.6

Exploitation Probability (EPSS) 0.5

Affected packages and libraries

nagios
cpe:2.3:a:nagios:nagios

Sources

Homebrew
- Homebrew Severity MEDIUMNo FixAdded at: Feb 12, 2024
Nix
- Nix Severity MEDIUMNo FixAdded at: Oct 10, 2023
NVD
- Linux Severity MEDIUMNo FixAdded at: Nov 23, 2021

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Nagios vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2020-35269	HIGH	8.8	Nagios	nagios4	No	No	Dec 23, 2020
CVE-2020-6585	HIGH	8.8	Nagios	nagios	No	No	Mar 16, 2020
CVE-2020-6584	MEDIUM	6.5	Nagios	nagios	No	No	Mar 16, 2020
CVE-2020-6586	MEDIUM	5.4	Nagios	nagios	No	No	Mar 16, 2020
CVE-2020-13977	MEDIUM	4.9	Nagios	nagios	No	Yes	Jun 09, 2020

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2020-6584: Nagios vulnerability analysis and mitigation