CVE-2021-3193

CRITICAL

Nagios XI < 5.7.0 - Unauthenticated Remote Code Execution via Docker Config Wizard

Title source: llm

Description

Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.

References (1)

Core References
Vendor Advisory x_refsource_misc
https://www.nagios.com/products/security/

Scores

CVSS v3 9.8
EPSS 0.2540
EPSS Percentile 96.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
nagios/nagios_xi < 5.7.0
Published Jan 26, 2021
Tracked Since Feb 18, 2026