PT-2021-22866 · Nagios Xi · Nagios Xi

Arianeblow · Published 2021-10-26 · Updated 2022-11-08 · CVE-2021-40345

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Nagios XI version 5.8.5

Description
An issue was discovered in the Manage Dashlets section of the Admin panel, where an administrator can upload ZIP files. A command injection in the name of the first file in the archive allows an attacker to execute system commands.

Recommendations
For Nagios XI version 5.8.5, consider restricting access to the Manage Dashlets section of the Admin panel to minimize the risk of exploitation. As a temporary workaround, avoid uploading ZIP files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
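
A pre-upload check in line with the recommendation above, as an added example (not code from Nagios XI or from this advisory): it reads the entry names of a ZIP archive and flags any that fall outside a strict allowlist, covering every entry rather than only the first. The allowlist pattern, the function names and the sample archives are assumptions made for this illustration.

```python
import io
import re
import zipfile

# Assumption: a strict allowlist chosen for this example, not a Nagios XI rule.
# Each path component must start with a letter, digit or underscore and may
# contain only letters, digits, '.', '_' and '-'. This rejects spaces, shell
# metacharacters, absolute paths, '..' components and hidden files.
COMPONENT = r"[A-Za-z0-9_][A-Za-z0-9._-]*"
SAFE_NAME = re.compile(rf"{COMPONENT}(/{COMPONENT})*/?")


def unsafe_entries(zip_bytes):
    """Return [(index, name)] for every entry whose name fails the allowlist."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for index, info in enumerate(archive.infolist()):
            # Names are only inspected; nothing is extracted or executed.
            if not SAFE_NAME.fullmatch(info.filename):
                findings.append((index, info.filename))
    return findings


def build_sample(names):
    """Build an in-memory ZIP with the given entry names (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder")
    return buf.getvalue()


# Constructed sample archives, not taken from any real dashlet package.
CLEAN = build_sample(["mydashlet/mydashlet.inc.php", "mydashlet/README.txt"])
SUSPICIOUS = build_sample(["my dashlet;x/file.inc.php", "mydashlet/ok.txt"])

if __name__ == "__main__":
    for label, data in (("clean", CLEAN), ("suspicious", SUSPICIOUS)):
        hits = unsafe_entries(data)
        print(label, "-> OK" if not hits else f"-> REJECT {hits}")
```

An archive with any finding should not be uploaded; index 0 in a finding means the first entry, the one the description singles out.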

Exploit

Command Injection

Weakness Enumeration

Related Identifiers: CVE-2021-40345

Affected Products: Nagios Xi