Nagios Xi@5.8.5 Security Vulnerabilities and Issues — Nagios Xi@5.8.5 CVE List

Lucene search

NagiosNagios Xi5.8.5

3 matches found

CVE•added 2021/10/26 11:15 a.m.•42 views

CVE-2021-40345

An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.

9CVSS7.3AI score0.76499EPSS

CVE•added 2021/10/26 11:15 a.m.•39 views

CVE-2021-40344

An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.

7.2CVSS7.2AI score0.6721EPSS

CVE•added 2021/10/26 11:15 a.m.•37 views

CVE-2021-40343

An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.

7.8CVSS7.6AI score0.00458EPSS