CVE-2013-1362

Public on 2013-06-20
Modified on 2014-09-15
Description

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

Severity
Important
See what this means
CVSS v3 Base Score
7.5
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 nrpe 2013-06-20 14:14 ALAS-2013-203

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
NVD CVSSv2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P