CVE-2021-33177 — HIGH (8.8)

Q: How severe is CVE-2021-33177?

CVE-2021-33177 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-33177?

Check the references section above for vendor advisories and patch information. Affected products include: Nagios Nagios Xi.

Vulnerability Description

The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Nagios	Nagios Xi	< 5.8.5

Related Weaknesses (CWE)

CWE-89

References

https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xiThird Party Advisory
https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xiThird Party Advisory

FAQ

What is CVE-2021-33177?

CVE-2021-33177 is a vulnerability with a CVSS score of 8.8 (HIGH). The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but on...

How severe is CVE-2021-33177?

CVE-2021-33177 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-33177?

Check the references section above for vendor advisories and patch information. Affected products include: Nagios Nagios Xi.