CVE-2020-13977
4.9
MEDIUM
CVSS 3.1
EPSS 1.9%
Description
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.
How to fix CVE-2020-13977
To remediate CVE-2020-13977, upgrade the affected package to a fixed version below.
- Debian/nagios4: upgrade to 4.3.4-4 or later
Is CVE-2020-13977 being exploited?
Low — EPSS is 1.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.3.4-4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |