CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-40345

An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.765

EPSS Ranking 98.9%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 9.0

References

https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
https://github.com/ArianeBlow/NagiosXI-EmersonFI/blob/main/README.md
https://synacktiv.com
https://www.synacktiv.com/sites/default/files/2021-10/Nagios_XI_multiple_vulnerabilities_0.pdf
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
https://github.com/ArianeBlow/NagiosXI-EmersonFI/blob/main/README.md
https://synacktiv.com
https://www.synacktiv.com/sites/default/files/2021-10/Nagios_XI_multiple_vulnerabilities_0.pdf

Products affected by CVE-2021-40345

Nagios » Nagios Xi » Version: 5.8.5

cpe:2.3:a:nagios:nagios_xi:5.8.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-40345

Products

Pricing

Contact Us