Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 10 Jan 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-94 | |
| Metrics |
cvssV3_1
|
Thu, 09 Jan 2025 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NRPE plugin execution. This allows the attacker to escape NRPE plugin execution and execute commands remotely on the target as NT_AUTHORITY\SYSTEM. | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-01-10T17:22:15.946Z
Reserved: 2023-03-14T00:00:00.000Z
Link: CVE-2023-28354
Updated: 2025-01-10T17:22:10.460Z
Status : Deferred
Published: 2025-01-09T22:15:26.613
Modified: 2026-06-17T05:47:31.670
Link: CVE-2023-28354
No data.
OpenCVE Enrichment
No data.