CVE-2021-3193
CRITICALNagios XI < 5.7.0 - Unauthenticated Remote Code Execution via Docker Config Wizard
Title source: llmDescription
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.nagios.com/products/security/
Scores
CVSS v3
9.8
EPSS
0.0977
EPSS Percentile
95.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
nagios/nagios_xi
< 5.7.0
Published
Jan 26, 2021
Tracked Since
Feb 18, 2026