CVE-2021-40344: Malicious File Upload
First published: Tue Oct 26 2021(Updated: )
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Nagios XI | =5.8.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-40344?
CVE-2021-40344 is a vulnerability in Nagios XI 5.8.5 that allows remote command execution.
How severe is CVE-2021-40344?
CVE-2021-40344 has a severity level of 7.2 (High).
How does CVE-2021-40344 affect Nagios XI?
CVE-2021-40344 affects Nagios XI version 5.8.5.
What is the CWE ID for CVE-2021-40344?
The CWE ID for CVE-2021-40344 is CWE-434.
How can I fix CVE-2021-40344?
To fix CVE-2021-40344, update Nagios XI to the latest version available and apply any patches or mitigations provided by the vendor.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/nagios
- canonical/nagios nagios xi
- version/nagios nagios xi/5.8.5