PT-2021-21613 · Nagios XI · Nagios XI

Published: 2021-08-13 · Updated: 2022-02-22 · CVE-2021-37343

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.8.5

Description: A path traversal vulnerability exists in the AutoDiscovery component of Nagios XI, which could lead to post-authenticated remote code execution (RCE) under the security context of the user running Nagios.

Recommendations: For versions prior to 5.8.5, update to version 5.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the AutoDiscovery component until a patch is applied.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-37343

Affected Products

Nagios XI