CVE-2025-34323
BaseFortify
Publication date: 2025-11-17
Last updated on: 2025-11-26
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nagios | log_server | to 2026 (exc) |
| nagios | log_server | 2026 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
Nagios Log Server versions before 2026R1.0.1 have a local privilege escalation vulnerability. This happens because the web server user has passwordless sudo access to certain maintenance scripts and is also in a group that can write to the directory containing those scripts. A local attacker with web server user privileges can replace one of these scripts with a malicious one and then run it with sudo, gaining root-level arbitrary code execution.
How can this vulnerability impact me?
This vulnerability allows a local attacker with access to the web server user account to escalate their privileges to root. This means they can execute arbitrary code with full system privileges, potentially compromising the entire system, accessing sensitive data, modifying system configurations, or disrupting services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately upgrade Nagios Log Server to version 2026R1.0.1 or later. Additionally, review and restrict sudo rules and file system permissions to ensure that the web server account does not have write access to directories containing scripts that can be executed with sudo privileges.
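The second half of that advice, checking sudo rules against directory permissions, can be scripted. The script below is an added example, not BaseFortify's or Nagios's code, and it assumes GNU coreutils (`stat -c`) plus sudoers lines of the form `spec HOST=(RUNAS) NOPASSWD: /cmd [args], /cmd2`. It builds a constructed two-directory layout, one group-writable like the vulnerable case and one 0555 like the corrected one, and reports every NOPASSWD command whose parent directory the rule's user or `%group` could write through the mode bits.

```shell
#!/bin/sh
# Added audit helper, not BaseFortify's or Nagios's code. Assumes GNU coreutils
# (stat -c) and sudoers lines of the form "spec HOST=(RUNAS) NOPASSWD: /cmd [args], /cmd2".
# Defaults, alias definitions and non-absolute commands (ALL, alias names) are skipped,
# and only classic mode bits are examined (no ACLs).

# groups_of SPEC: group names a sudoers user spec can act through
groups_of() {
    case $1 in
        %*) printf '%s\n' "${1#%}" ;;       # %group spec: that one group
        *)  id -Gn "$1" 2>/dev/null ;;      # user spec: every group of that user
    esac
}

# dir_writable_by SPEC DIR: succeeds when SPEC could write DIR through the
# other, owner or group write bit (a %group spec never matches an owner name)
dir_writable_by() {
    spec=$1; dir=$2
    [ -d "$dir" ] || return 1
    set -- $(stat -c '%a %U %G' "$dir")
    bits=${1#"${1%???}"}; owner=$2; group=$3   # last three octal digits: u, g, o
    o=${bits%??}; g=${bits#?}; g=${g%?}; w=${bits#??}
    if [ $((w & 2)) -ne 0 ]; then return 0; fi
    if [ "$owner" = "$spec" ] && [ $((o & 2)) -ne 0 ]; then return 0; fi
    if [ $((g & 2)) -ne 0 ]; then
        for grp in $(groups_of "$spec"); do
            if [ "$grp" = "$group" ]; then return 0; fi
        done
    fi
    return 1
}

# audit_nopasswd_rules FILE: print one line per NOPASSWD command whose directory
# the rule's spec could write; returns 1 if anything was flagged, else 0
audit_nopasswd_rules() {
    file=$1; flagged=0
    while read -r line; do
        case $line in ''|\#*|Defaults*|*_Alias*) continue ;; esac
        case $line in *NOPASSWD:*) ;; *) continue ;; esac
        spec=${line%%[[:space:]]*}          # first token: user or %group spec
        cmds=${line#*NOPASSWD:}             # comma-separated command list
        oldIFS=$IFS; IFS=','; set -- $cmds; IFS=$oldIFS
        for cmd in "$@"; do
            set -- $cmd                     # split off arguments; $1 is the command path
            path=$1
            case $path in /*) ;; *) continue ;; esac
            if dir_writable_by "$spec" "$(dirname "$path")"; then
                printf 'WRITABLE-DIR %s can replace %s (dir %s)\n' "$spec" "$path" "$(dirname "$path")"
                flagged=1
            fi
        done
    done < "$file"
    return $flagged
}

# make_demo_tree: constructed layout in a temp dir, path printed on stdout.
# "shared" is mode 0575 (owner write cleared so the group path is exercised,
# group-writable like the vulnerable case); "locked" is the corrected 0555.
make_demo_tree() {
    top=$(mktemp -d) || return 1
    me=$(id -un)
    mkdir -p "$top/shared" "$top/locked"
    printf '#!/bin/sh\necho maintenance\n' > "$top/shared/maint.sh"
    cp "$top/shared/maint.sh" "$top/locked/maint.sh"
    chmod 0575 "$top/shared"; chmod 0555 "$top/locked"
    cat > "$top/sudoers" <<EOF
# constructed sample fragment, not a real sudoers file
Defaults env_reset
$me ALL=(root) NOPASSWD: $top/shared/maint.sh, $top/locked/maint.sh --check
EOF
    printf '%s\n' "$top"
}

# Demo run on the constructed tree. For a real audit run, as root,
# audit_nopasswd_rules /etc/sudoers and each file under /etc/sudoers.d.
if demo=$(make_demo_tree); then
    audit_nopasswd_rules "$demo/sudoers"
    chmod -R u+w "$demo" && rm -rf "$demo"
fi
```

Only the `shared` entry is reported, because `locked` grants no write bit to anyone. The check deliberately looks at the directory rather than the script file: a script that is itself read-only can still be renamed away and replaced when its directory is writable, which is the pattern the advisory describes.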