CVE-2013-1362

Public on 2013-06-20
Modified on 2014-09-15
Description
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
Severity
Important severity
Important
CVSS v3 Base Score
7.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 nrpe 2013-06-20 ALAS-2013-203 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
NVD CVSSv2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P