Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2y62-terv-2qfc
Vulnerability ID VCID-2y62-terv-2qfc
Aliases CVE-2008-4796
Summary Multiple vulnerabilities have been found in Nagios, the worst of which could lead to privilege escalation.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
System Score Found at
epss 0.0109 https://api.first.org/data/v1/epss?cve=CVE-2008-4796
epss 0.0109 https://api.first.org/data/v1/epss?cve=CVE-2008-4796
epss 0.0109 https://api.first.org/data/v1/epss?cve=CVE-2008-4796
epss 0.0109 https://api.first.org/data/v1/epss?cve=CVE-2008-4796
epss 0.0109 https://api.first.org/data/v1/epss?cve=CVE-2008-4796
epss 0.0109 https://api.first.org/data/v1/epss?cve=CVE-2008-4796
epss 0.0109 https://api.first.org/data/v1/epss?cve=CVE-2008-4796
epss 0.0109 https://api.first.org/data/v1/epss?cve=CVE-2008-4796
epss 0.0109 https://api.first.org/data/v1/epss?cve=CVE-2008-4796
epss 0.0109 https://api.first.org/data/v1/epss?cve=CVE-2008-4796
cvssv2 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2008-4796
Reference id Reference type URL
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html
http://jvn.jp/en/jp/JVN20502807/index.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4796.json
https://api.first.org/data/v1/epss?cve=CVE-2008-4796
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796
http://secunia.com/advisories/32361
https://exchange.xforce.ibmcloud.com/vulnerabilities/46068
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
http://sourceforge.net/forum/forum.php?forum_id=879959
https://www.nagios.org/projects/nagios-core/history/4x/
http://www.debian.org/security/2008/dsa-1691
http://www.debian.org/security/2009/dsa-1871
http://www.openwall.com/lists/oss-security/2008/11/01/1
http://www.securityfocus.com/archive/1/496068/100/0/threaded
http://www.securityfocus.com/bid/31887
http://www.vupen.com/english/advisories/2008/2901
469320 https://bugzilla.redhat.com/show_bug.cgi?id=469320
504168 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504168
504234 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504234
cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*
cpe:2.3:a:snoopy_project:snoopy:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:snoopy_project:snoopy:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
CVE-2008-4796 https://nvd.nist.gov/vuln/detail/CVE-2008-4796
GLSA-201702-26 https://security.gentoo.org/glsa/201702-26
USN-791-1 https://usn.ubuntu.com/791-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2008-4796
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.77878
EPSS Score 0.0109
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:01:47.210218+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201702-26 38.0.0