PT-2025-44535 · Nagios Enterprises · Nagios XI

Published: 2013-02-05 · Updated: 2025-11-06 · CVE-2013-10073

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Nagios XI versions prior to 2012R1.6

Description

Nagios XI versions prior to 2012R1.6 contain a shell command injection issue in the Auto-Discovery tool. User-controlled input is passed to a shell command without proper sanitization, validation, or argument quoting, potentially allowing an authenticated user with access to discovery functionality to execute arbitrary commands with the privileges of the application service.

Recommendations

Update Nagios XI to version 2012R1.6 or later.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-14473
CVE-2013-10073

Affected Products

Nagios XI