CVE-2019-3698 MEDIUM

CVE-2019-3698: nagios cron job allows privilege escalation from user nagios to root

Vendor Suse
Product SUSE Linux Enterprise Server 12
Weakness CWE-59
Published February 28, 2020
Last update September 16, 2024

CVSS base score

5.7/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

What the vulnerability does

01Description

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.

Key dates

02Disclosure timeline

February 28, 2020 CVE published
September 16, 2024 Record updated