VDB
CVE-2018-13457
CVE-2018-13457
PUBLISHED
CVSS 5.5 MEDIUM
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
EPSS 0.57% · 69.2th percentile
Risk Scores
CVSS 3.0
5.5
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
0.57%
69.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| nagios | nagios_core | 0 |
| n/a | n/a | n/a |
Exploit Intelligence
- https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab (nist-nvd)
- https://www.exploit-db.com/exploits/45082/ (nist-nvd)
- https://knowledge.opsview.com/v5.4/docs/whats-new (circl)
- https://knowledge.opsview.com/v5.3/docs/whats-new (circl)
- openSUSE-SU-2020:0500 (circl)
- openSUSE-SU-2020:0517 (circl)
- Nagios Core 4.4.1 - Denial of Service Vulnerability (0day-today)
- Nagios Core 4.4.1 - Denial of Service Vulnerability (0day-today)
Timeline
- Jul 12, 2018 CVE Published
- Jul 24, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://knowledge.opsview.com/v5.4/docs/whats-new url
- https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab url
- 45082 exploit
- https://knowledge.opsview.com/v5.3/docs/whats-new url
- openSUSE-SU-2020:0500 vendor-advisory
- openSUSE-SU-2020:0517 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-13457 advisory
- https://www.exploit-db.com/exploits/45082 url