CVE-2023-28354

Published: Jan 9, 2025

Modified: Jan 10, 2025

PUBLISHED

Description

An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NRPE plugin execution. This allows the attacker to escape NRPE plugin execution and execute commands remotely on the target as NT_AUTHORITY\SYSTEM.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/stormfleet/CVE-2023-28354/blob/main/README.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-28354

Description

Affected Products

References