PT-2021-22864 · Nagios Xi · Nagios Xi
Published
2021-10-26
·
Updated
2021-11-01
·
CVE-2021-40343
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Nagios XI version 5.8.5
Description
An issue was discovered in Nagios XI where insecure file permissions on the
nagios unbundler.py file allow the nagios user to elevate their privileges to the root user.Recommendations
For Nagios XI version 5.8.5, consider restricting access to the
nagios unbundler.py file to prevent privilege escalation until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nagios Xi