Vulnerability Description
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nagios | Nagios Xi | < 5.8.5 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/165978/Nagios-XI-Autodiscovery-Shell-UploadExploitThird Party AdvisoryVDB Entry
- https://www.nagios.com/downloads/nagios-xi/change-log/Release NotesVendor Advisory
- http://packetstormsecurity.com/files/165978/Nagios-XI-Autodiscovery-Shell-UploadExploitThird Party AdvisoryVDB Entry
- https://www.nagios.com/downloads/nagios-xi/change-log/Release NotesVendor Advisory
FAQ
What is CVE-2021-37343?
CVE-2021-37343 is a vulnerability with a CVSS score of 8.8 (HIGH). A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.
How severe is CVE-2021-37343?
CVE-2021-37343 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37343?
Check the references section above for vendor advisories and patch information. Affected products include: Nagios Nagios Xi.