CVE-2014-2913
CVE-2014-2913 is a high-severity vulnerability in Nagios Remote Plugin Executor with a CVSS 2.0 base score of 7.5. Its EPSS exploit-prediction score of 15% places it in the 96th percentile, indicating an elevated likelihood of exploitation.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 15% (96th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Nagios Remote Plugin Executor
- Published:
- Last modified:
Description
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments
Frequently asked questions
- What is CVE-2014-2913?
- Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments
- How severe is CVE-2014-2913?
- CVE-2014-2913 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2014-2913 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 15% (96th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2014-2913?
- CVE-2014-2913 primarily affects Nagios Remote Plugin Executor. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2014-2913?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2014-2913 published?
- CVE-2014-2913 was published on 2014-05-07 and last updated on 2026-06-17.
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166528.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00011.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00005.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00014.html
- http://seclists.org/fulldisclosure/2014/Apr/240
- http://seclists.org/fulldisclosure/2014/Apr/242
- http://seclists.org/oss-sec/2014/q2/154
- http://seclists.org/oss-sec/2014/q2/155
- http://www.securityfocus.com/bid/66969
Affected products (4)
- cpe:2.3:a:nagios:remote_plugin_executor:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*