CVE-2021-3193
9.8 CRITICAL
Published: 2021-01-26 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 9.8 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
| Vendor | Product |
|---|---|
| nagios | nagios_xi |
Description
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-3193)
- [Vendor advisory](https://www.nagios.com/products/security/)
Related CVEs
Same vendor
- CVE-2021-40345 — An issue was discovered in Nagios XI 5.8.5 (7.2 HIGH)
- CVE-2021-40344 — An issue was discovered in Nagios XI 5.8.5 (7.2 HIGH)
- CVE-2021-40343 — An issue was discovered in Nagios XI 5.8.5 (7.8 HIGH)
- CVE-2021-38156 — In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard (5.4 MEDIUM)
- CVE-2021-3277 — Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality ... (7.2 HIGH)