Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.
References
Link | Resource |
---|---|
https://gist.github.com/leommxj/93edce6f8572cefe79a3d7da4389374e | Exploit Third Party Advisory |
https://www.nagios.com/downloads/nagios-xi/change-log/ | Release Notes Vendor Advisory |
Configurations
History
02 Mar 2021, 19:45
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 9.0
v3 : 7.2 |
CPE | cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* | |
CWE | CWE-94 | |
References | (MISC) https://www.nagios.com/downloads/nagios-xi/change-log/ - Release Notes, Vendor Advisory | |
References | (MISC) https://gist.github.com/leommxj/93edce6f8572cefe79a3d7da4389374e - Exploit, Third Party Advisory |
25 Feb 2021, 14:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-25 14:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-3273
Mitre link : CVE-2021-3273
CVE.ORG link : CVE-2021-3273
JSON object : View
Products Affected
nagios
- nagios_xi
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')