CVE-2023-28354 – Opsview Monitor Agent Command Injection

1月 9, 2025
11:16 pm

CVE ID : CVE-2023-28354

Published : Jan. 9, 2025, 10:15 p.m. | 1 hour, 1 minute ago

Description : An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NRPE plugin execution. This allows the attacker to escape NRPE plugin execution and execute commands remotely on the target as NT_AUTHORITYSYSTEM.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2023-28354 – Opsview Monitor Agent Command Injection

Elvescore.io

Recent Posts

CVE-2024-56376 – REDCap Cross-Site Scripting (XSS)

CVE-2024-56377 – REDCap Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2025-21380 – Azure SaaS Resource Authentication Bypass