CVE-2014-5009 — Command Injection in Nagios

CWE-77 — Command Injection11 documents6 sources

Severity

9.8CRITICALNVD

EPSS

2.7%

top 14.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nagios Redhat Openstack

Timeline

PublishedMar 31

Latest updateMay 17

Description

Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDnagios/nagios4.2.3

▶NVDredhat/openstack5.0, 6.0+1

Patches

Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-5m9g-pc3f-6pgc: Snoopy allows remote attackers to execute arbitrary commands↗2022-05-17

▶

CVEList

CVE-2014-5009: Snoopy allows remote attackers to execute arbitrary commands↗2017-03-31

▶

📋Vendor Advisories

Red Hat

snoopy: incomplete fixes for command execution flaws↗2014-07-03

▶

Debian

CVE-2014-5009: libphp-snoopy - Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulner...↗2014

▶

💬Community

Bugzilla

CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 wordpress-mu: snoopy: incomplete fixes for command execution flaws [epel-5]↗2014-07-21

▶

Bugzilla

CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 sahana: snoopy: incomplete fixes for command execution flaws [epel-5]↗2014-07-21

▶

Bugzilla

CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 nagios: snoopy: incomplete fixes for command execution flaws [epel-all]↗2014-07-21

▶

Bugzilla

CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 nagios: snoopy: incomplete fixes for command execution flaws [fedora-all]↗2014-07-21

▶

Bugzilla

CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 sahana: snoopy: incomplete fixes for command execution flaws [fedora-all]↗2014-07-21

▶