Nagios

Nagios Xi

110 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2021-37343

Exploit
  • EPSS 80.42%
  • Published 13.08.2021 12:15:06
  • Last modified 21.11.2024 06:14:58

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.

7.2

CVE-2021-3277

  • EPSS 32.14%
  • Published 07.06.2021 22:15:07
  • Last modified 21.11.2024 06:21:12

Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files.

9

CVE-2020-28906

  • EPSS 0.91%
  • Published 24.05.2021 13:15:08
  • Last modified 21.11.2024 05:23:15

Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.

10

CVE-2020-28910

Exploit
  • EPSS 0.52%
  • Published 24.05.2021 13:15:08
  • Last modified 21.11.2024 05:23:16

Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.

10

CVE-2020-28900

Exploit
  • EPSS 0.79%
  • Published 24.05.2021 13:15:07
  • Last modified 21.11.2024 05:23:15

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh...

9

CVE-2021-3273

Exploit
  • EPSS 24.28%
  • Published 25.02.2021 14:15:12
  • Last modified 21.11.2024 06:21:11

Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.

7.2

CVE-2020-22427

Exploit
  • EPSS 39.23%
  • Published 15.02.2021 18:15:13
  • Last modified 21.11.2024 05:13:16

NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all techn...

8.8

CVE-2020-24899

Exploit
  • EPSS 5.53%
  • Published 15.02.2021 18:15:13
  • Last modified 21.11.2024 05:16:10

Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.

9

CVE-2021-25296

Warning Exploit
  • EPSS 93.59%
  • Published 15.02.2021 13:15:12
  • Last modified 14.03.2025 17:07:31

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by ...

9

CVE-2021-25297

Warning Exploit
  • EPSS 54.52%
  • Published 15.02.2021 13:15:12
  • Last modified 30.07.2025 19:11:27

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single...