CVE-2021-25298
| CVE Published | 2021-02-15 |
|---|---|
| Related Vendor(s) | nagios |
| Related Product(s) | nagios_xi |
| Exploitation Reported (CISA KEV) | 2022-01-18 |
| CVSS 3 Base Score | 8.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph