PT-2021-20061 · Nagvis+1 · Nagvis+1
Scott Tolley
·
Published
2021-10-14
·
Updated
2025-05-01
·
CVE-2021-33178
CVSS v2.0
8.5
High
| Vector | AV:N/AC:L/Au:S/C:N/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
NagVis versions prior to 1.9.29
Description
The Manage Backgrounds functionality within NagVis is vulnerable to an authenticated path traversal vulnerability. This vulnerability allows a malicious actor to arbitrarily delete files on the local system.
Recommendations
For NagVis versions prior to 1.9.29, update to version 1.9.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the Manage Backgrounds functionality until a patch is available.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Nagvis