cbcvebase.
CVE-2020-6581
published 2020-03-16

CVE-2020-6581: Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline…

PriorityP336high7.3CVSS 3.1
AVLACLPRLUIRSUCHIHAH
EPSS
1.61%
72.9th percentile
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.

Affected

3 ranges
VendorProductVersion rangeFixed in
debiannagios-nrpe< nagios-nrpe 4.0.0-1 (bookworm)nagios-nrpe 4.0.0-1 (bookworm)
fedoraprojectfedora
nagiosremote_plug_in_executor

CVSS provenance

nvdv3.17.3HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvdv2.03.7LOWAV:L/AC:H/Au:N/C:P/I:P/A:P
osv7.3HIGH
vendor_debian7.3HIGH
vendor_redhat7.3HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.