CVE-2013-1362
CVE-2013-1362 is a high-severity vulnerability in Nagios Remote Plug In Executor with a CVSS 2.0 base score of 7.5. Its EPSS exploit-prediction score of 66% places it in the 99th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-20.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 66% (99th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-20
- Affected product: Nagios Remote Plug In Executor
- Published:
- Last modified:
Description
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
Frequently asked questions
- What is CVE-2013-1362?
- Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
- How severe is CVE-2013-1362?
- CVE-2013-1362 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2013-1362 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 66% (99th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2013-1362?
- CVE-2013-1362 primarily affects Nagios Remote Plug In Executor. In total, 32 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2013-1362?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2013-1362 published?
- CVE-2013-1362 was published on 2013-07-09 and last updated on 2026-06-16.
References
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00006.html
- http://seclists.org/bugtraq/2013/Feb/119
- http://www.exploit-db.com/exploits/24955
- http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability
- https://bugzilla.novell.com/show_bug.cgi?id=807241
Affected products (32)
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:*:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.0b1:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.0b2:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.0b3:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.0b4:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.0b5:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.8b1:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:remote_plug_in_executor:2.12:*:*:*:*:*:*:*
More vulnerabilities in Nagios Remote Plug In Executor
- CVE-2020-6582 — High (CVSS 7.5): Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a…
- CVE-2020-6581 — High (CVSS 7.3): Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and…
All CVEs affecting Nagios Remote Plug In Executor →
Other CWE-20 (Improper Input Validation) vulnerabilities
- CVE-2026-48316 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48281 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48277 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48055 — Critical (CVSS 10.0): Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and…
- CVE-2026-34910 — Critical (CVSS 10.0): A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS…
- CVE-2026-33587 — Critical (CVSS 10.0): Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and…
Browse all CWE-20 (Improper Input Validation) vulnerabilities →