An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.
References
Link | Resource |
---|---|
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT | Release Notes Vendor Advisory |
https://synacktiv.com | Not Applicable |
https://www.synacktiv.com/sites/default/files/2021-10/Nagios_XI_multiple_vulnerabilities_0.pdf | Exploit Third Party Advisory |
Configurations
History
01 Nov 2021, 19:49
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://synacktiv.com - Not Applicable | |
References | (MISC) https://www.synacktiv.com/sites/default/files/2021-10/Nagios_XI_multiple_vulnerabilities_0.pdf - Exploit, Third Party Advisory | |
References | (MISC) https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT - Release Notes, Vendor Advisory | |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
CPE | cpe:2.3:a:nagios:nagios_xi:5.8.5:*:*:*:*:*:*:* |
26 Oct 2021, 11:40
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-10-26 11:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-40343
Mitre link : CVE-2021-40343
CVE.ORG link : CVE-2021-40343
JSON object : View
Products Affected
nagios
- nagios_xi
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource