CVE-2021-25297

CVE Published 2021-02-15
Related Vendor(s) nagios
Related Product(s) nagios_xi
Exploitation Reported (CISA KEV) 2022-01-18
CVSS 3 Base Score 8.8 (HIGH)
CVSS 3 Attack Complexity LOW
CVSS 3 Attack Vector NETWORK

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

References