Privilege Escalation via Insecure Permissions in Nagios XI 5.7.5 and earlier

CVE-2020-28910 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.

Learn more about our Cis Benchmark Audit For Apple Ios.