Nagios XI 5.8.5

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:nagios:nagios_xi:5.8.5:*:*:*:*:*:*:*

part: a version: 5.8.5 update: *

VendorNagios (7fb1328e-019e-51f8-8fa9-c12efadd1bbe)
ProductNagios Xi (7baa8382-9566-5d4f-a39b-a6738305acfe)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-40345 vulnerable 2026-06-03 14:45:23.396377 Details available
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.
Published: 2021-10-26T00:00:00.000Z
Updated: 2024-08-04T02:27:31.917Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-40344 vulnerable 2026-06-03 14:45:23.396051 Details available
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.
Published: 2021-10-26T10:52:00.000Z
Updated: 2024-08-04T02:27:31.907Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-40343 vulnerable 2026-06-03 14:45:23.395630 Details available
An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.
Published: 2021-10-26T10:51:53.000Z
Updated: 2024-08-04T02:27:31.983Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.