Vulnerability Name: | CVE-2021-3193 (CCN-195460) | ||||||||||||
Assigned: | 2021-01-21 | ||||||||||||
Published: | 2021-01-21 | ||||||||||||
Updated: | 2021-02-03 | ||||||||||||
Summary: | Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user. | ||||||||||||
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-noinfo | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-3193 Source: XF Type: UNKNOWN nagios-cve20213193-code-exec(195460) Source: CCN Type: Nagios Web site Nagios Source: MISC Type: Vendor Advisory https://www.nagios.com/products/security/ | ||||||||||||
Vulnerable Configuration: | Configuration 1:![]() | ||||||||||||
BACK |