CVE-2021-37343

HIGH

Nagios XI Autodiscovery Webshell Upload

Title source: metasploit

Description

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Claroty Team82, jbaines-r7 · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagios_xi_autodiscovery_webshell.rb

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/165978/Nagios-XI-Autodiscovery-Shell-Upload.html

[Release Notes, Vendor Advisory] https://www.nagios.com/downloads/nagios-xi/change-log/

Scores

CVSS v3 8.8

EPSS 0.8260

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (1)

nagios/nagios_xi < 5.8.5

Published Aug 13, 2021

Tracked Since Feb 18, 2026