CVE-2021-37344
CRITICALNagios XI Switch Wizard < 2.5.7 - Remote Code Execution via OS Command Injection
Title source: llmDescription
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
References (1)
Core 1
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.nagios.com/downloads/nagios-xi/change-log/
Scores
CVSS v3
9.8
EPSS
0.5702
EPSS Percentile
98.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
nagios/nagios_xi_switch_wizard
< 2.5.7
Published
Aug 13, 2021
Tracked Since
Feb 18, 2026