CVE-2021-3273

moderate-risk

Published 2021-02-25

Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.

Do I need to act?

25.5% chance of exploitation in next 30 days

EPSS score — higher than 74% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (1)

Nagios Xi

Affected Vendors

Nagios

References (4)

Exploit https://gist.github.com/leommxj/93edce6f8572cefe79a3d7da4389374e

Release Notes https://www.nagios.com/downloads/nagios-xi/change-log/

Exploit https://gist.github.com/leommxj/93edce6f8572cefe79a3d7da4389374e

Release Notes https://www.nagios.com/downloads/nagios-xi/change-log/

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 15/34 · Moderate

Exposure 5/34 · Minimal