CVE-2023-28354
CriticalSummary
An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NRPE plugin execution. This allows the attacker to escape NRPE plugin execution and execute commands remotely on the target as NT_AUTHORITY\SYSTEM.
Risk Assessment
The risk for the organization includes the possibility of complete system compromise by a remote unauthenticated attacker, potentially leading to data theft, malware installation, or further attacks on the infrastructure.
Recommendation
It is recommended to immediately update Opsview Monitor Agent to the latest version that fixes this vulnerability. Additionally, review the NRPE plugin configuration and restrict the acceptance of command control characters.
Original NVD description (English source)
An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NRPE plugin execution. This allows the attacker to escape NRPE plugin execution and execute commands remotely on the target as NT_AUTHORITY\SYSTEM.

