CVE-2021-40345

Sažetak

An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.

Reference

https://www.synacktiv.com/sites/default/files/2021-10/Nagios_XI_multiple_vulnerabilities_0.pdf
https://synacktiv.com
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
https://github.com/ArianeBlow/NagiosXI-EmersonFI/blob/main/README.md

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-11-2022 - 03:38

Objavljeno

26-10-2021 - 11:15