Vulnerabilities

CVE-2020-35269

January 6, 2021

Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.

Summary:

Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.

Reference Links(if available):

https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc

CVSS Score (if available)

v2: 6.8 / MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

v3: 8.8 / HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Links to Exploits(if available)

Tags: CVE, CVE-2020-35269, MISC, Third Party Advisory, vulnerability

CVE-2020-35269

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.

CACTUS Ransomware Victim: https://www[.]ghimli[.]com /

Cisco Products Multiple Vulnerabilities

T2 – 94,584 breached accounts

CISA: CISA Releases Three Industrial Control Systems Advisories

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.

CACTUS Ransomware Victim: https://www[.]ghimli[.]com /

Cisco Products Multiple Vulnerabilities

T2 – 94,584 breached accounts

CISA: CISA Releases Three Industrial Control Systems Advisories