Researchers at Claroty discover 11 vulnerabilities in Nagios XI

Researchers at Claroty discovered 11 vulnerabilities in Nagios XI that, chained together, can be used to take over the monitoring server remotely and, from there, the network infrastructure it monitors.

Eleven vulnerabilities in Nagios XI were discovered and disclosed by researchers at Claroty. They include remote code execution (RCE), server-side request forgery (SSRF), SQL injection, local privilege escalation (LPE), local file inclusion, open redirect and path traversal flaws. The researchers chained two of them, CVE-2021-37343 (a path traversal that yields post-authentication RCE in the security context of the user running Nagios) and CVE-2021-37347 (a local privilege escalation), to obtain a reverse shell with root privileges. Updates that address all of these vulnerabilities were released in August 2021 for Nagios XI, Nagios XI Docker Wizard, Nagios XI WatchGuard Wizard and Nagios XI Switch Wizard.

CVEs

  • CVE-2021-37353
  • CVE-2021-37352
  • CVE-2021-37351
  • CVE-2021-37350
  • CVE-2021-37349
  • CVE-2021-37348
  • CVE-2021-37347
  • CVE-2021-37346
  • CVE-2021-37345
  • CVE-2021-37344
  • CVE-2021-37343

Updates to Nagios XI have been released to address the issues.

Update Nagios XI, Nagios XI Docker Wizard, Nagios XI WatchGuard Wizard and Nagios XI Switch Wizard to the latest versions. Note that the chain Claroty demonstrated starts from an authenticated session, so any valid Nagios XI login is enough to reach root on an unpatched server; treat account hygiene as part of the response until the updates are in place.
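A quick way to find servers that still need the update is to compare the installed Nagios XI build against the first fixed release. The script below is an added example, not code from the article, from Claroty or from Nagios. It assumes (labelled in the comments) that the installed version can be read from `/usr/local/nagiosxi/var/xiversion` as a `full=x.y.z` line, and that 5.8.5 is the first build containing the fixes; adjust `MIN_FIXED` to the version named in the vendor's advisory for your deployment. The sample `xiversion` text is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the article, Claroty or Nagios): flag Nagios XI hosts
# that predate the August 2021 fixes.
# Assumptions:
#  - /usr/local/nagiosxi/var/xiversion holds a line "full=x.y.z" (path and
#    format assumed from a typical Nagios XI install);
#  - 5.8.5 is the first fixed release (assumption; check the vendor advisory).
MIN_FIXED="5.8.5"
XIVERSION_FILE="/usr/local/nagiosxi/var/xiversion"

# version_ge A B: return 0 if dotted version A >= dotted version B.
# Compares up to three numeric components; a missing component counts as 0.
version_ge() {
    v1=$1 v2=$2
    i=1
    while [ "$i" -le 3 ]; do
        p1=$(printf '%s\n' "$v1" | cut -d. -f"$i")
        p2=$(printf '%s\n' "$v2" | cut -d. -f"$i")
        p1=${p1:-0}; p2=${p2:-0}
        if [ "$p1" -gt "$p2" ]; then return 0; fi
        if [ "$p1" -lt "$p2" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# xi_version_from_text: read xiversion-style text on stdin, print the
# value of the first "full=" line (empty if absent).
xi_version_from_text() {
    sed -n 's/^full=//p' | head -n 1
}

# check_xi_version V: print a verdict; return 0 if patched, 1 if vulnerable,
# 2 if the version could not be determined.
check_xi_version() {
    v=$1
    if [ -z "$v" ]; then
        echo "unknown: could not read Nagios XI version"
        return 2
    fi
    if version_ge "$v" "$MIN_FIXED"; then
        echo "patched: $v >= $MIN_FIXED"
        return 0
    fi
    echo "VULNERABLE: $v < $MIN_FIXED, update Nagios XI"
    return 1
}

# Constructed sample xiversion content, used when the real file is absent
# so the example runs on any host.
SAMPLE_XIVERSION='full=5.7.5
major=5
minor=7
patch=5'

if [ -r "$XIVERSION_FILE" ]; then
    installed=$(xi_version_from_text < "$XIVERSION_FILE")
else
    installed=$(printf '%s\n' "$SAMPLE_XIVERSION" | xi_version_from_text)
fi
check_xi_version "$installed"
rc=$?
echo "exit status would be $rc"
```

Run it over a fleet with your usual remote-execution tooling and collect the verdict lines; anything reporting VULNERABLE or unknown goes on the update list. The wizard packages ship separately from Nagios XI itself, so a patched core version does not imply the Docker, WatchGuard and Switch Wizards are current.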

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.
