Nagios

Nagios Xi

110 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2021-37343

Exploit
  • EPSS 80.42%
  • Veröffentlicht 13.08.2021 12:15:06
  • Zuletzt bearbeitet 21.11.2024 06:14:58

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.

7.2

CVE-2021-3277

  • EPSS 32.14%
  • Veröffentlicht 07.06.2021 22:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:12

Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files.

9

CVE-2020-28906

  • EPSS 0.91%
  • Veröffentlicht 24.05.2021 13:15:08
  • Zuletzt bearbeitet 21.11.2024 05:23:15

Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.

10

CVE-2020-28910

Exploit
  • EPSS 0.52%
  • Veröffentlicht 24.05.2021 13:15:08
  • Zuletzt bearbeitet 21.11.2024 05:23:16

Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.

10

CVE-2020-28900

Exploit
  • EPSS 0.79%
  • Veröffentlicht 24.05.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:23:15

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh...

9

CVE-2021-3273

Exploit
  • EPSS 24.28%
  • Veröffentlicht 25.02.2021 14:15:12
  • Zuletzt bearbeitet 21.11.2024 06:21:11

Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.

7.2

CVE-2020-22427

Exploit
  • EPSS 39.23%
  • Veröffentlicht 15.02.2021 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:13:16

NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all techn...

8.8

CVE-2020-24899

Exploit
  • EPSS 5.53%
  • Veröffentlicht 15.02.2021 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:16:10

Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.

9

CVE-2021-25296

Warnung Exploit
  • EPSS 93.59%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 14.03.2025 17:07:31

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by ...

9

CVE-2021-25297

Warnung Exploit
  • EPSS 54.52%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 30.07.2025 19:11:27

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single...