Vulnerability Name: | CVE-2021-3273 (CCN-197431) | ||||||||||||
Assigned: | 2021-01-22 | ||||||||||||
Published: | 2021-01-22 | ||||||||||||
Updated: | 2021-03-02 | ||||||||||||
Summary: | Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system. | ||||||||||||
CVSS v3 Severity: | 7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) 6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
| ||||||||||||
Vulnerability Type: | CWE-94 | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-3273 Source: XF Type: UNKNOWN nagiosxi-cve20213273-code-exec(197431) Source: CCN Type: GitHub Web site Nagios Source: MISC Type: Exploit, Third Party Advisory https://gist.github.com/leommxj/93edce6f8572cefe79a3d7da4389374e Source: MISC Type: Release Notes, Vendor Advisory https://www.nagios.com/downloads/nagios-xi/change-log/ Source: CCN Type: Nagios Web site Nagios XI | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||||||
BACK |