QSearchQSearch

CVE-2021-3193

9.8 CRITICAL

Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unaut...

Published: 2021-01-26 · Last updated: 2026-06-17

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

VendorProduct
nagiosnagios_xi

Description

Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-40345 An issue was discovered in Nagios XI 5.8.5 (7.2 HIGH)
  • CVE-2021-40344 An issue was discovered in Nagios XI 5.8.5 (7.2 HIGH)
  • CVE-2021-40343 An issue was discovered in Nagios XI 5.8.5 (7.8 HIGH)
  • CVE-2021-38156 In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard (5.4 MEDIUM)
  • CVE-2021-3277 Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality ... (7.2 HIGH)