CVE-2021-3277

Name of the Vulnerable Software and Affected Versions Nagios XI versions 5.7.5 and earlier

Description The issue is related to unlimited file upload of dangerous types in the Nagios XI monitoring tool. Exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is due to improper validation of the rename functionality in the custom-includes component, which allows authenticated admins to upload arbitrary files, potentially leading to remote code execution by uploading php files.

Recommendations For Nagios XI versions 5.7.5 and earlier, consider restricting access to the custom-includes component to minimize the risk of exploitation. As a temporary workaround, avoid using the rename functionality in the custom-includes component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.