Headline
CVE-2021-25298: Nagios - Network, Server and Log Monitoring Software
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php, where input supplied by an authenticated user in a single HTTP request is not properly sanitized, which can lead to OS command injection on the Nagios XI server.
What Can Nagios Help You Do?
Windows Monitoring
Linux Monitoring
Server Monitoring
Application Monitoring
SNMP Monitoring
Log Monitoring
Nagios XI provides monitoring of all mission-critical infrastructure components including applications, services, operating systems, network protocols, systems metrics, and network infrastructure. Hundreds of third-party addons provide for monitoring of virtually all in-house and external applications, services, and systems.
Nagios Log Server greatly simplifies the process of searching your log data. Set up alerts to notify you when potential threats arise, or simply query your log data to quickly audit any system. With Nagios Log Server, you get all of your log data in one location, with high availability and fail-over built right in. Did we mention no data limits?
Nagios Fusion offers your network a high degree of visibility and scalability, helping solve problems that come with multiple networks and geographical separation. By allowing you to visualize multiple Nagios XI and Core servers in one location, network management becomes simplified by centralization.
See how we help thousands of companies save money and eliminate downtime
EverWatch Global
Nagios helps e-commerce retail giant reach $125,000,000 in additional sales with 98% annual uptime.
Astiostech
Single-point monitoring and high availability for 2,500+ servers and 5,000+ network devices.
The University of St. Thomas
University uses better data to improve purchasing decisions, bandwidth allocation, and reaction to anomalies.
Petrofac
Energy solutions giant sees increased capabilities, productivity by deploying Nagios.
Gain extended insight into your network with enterprise-class network monitoring, alerting, and analysis.
**Nagios Network Analyzer**
Network traffic, bandwidth monitoring, and flow analysis for your entire IT infrastructure.
**Nagios Log Server**
Get the most out of your data. Monitor, manage, visualize, archive, analyze, and alert on all of your log data.
Nagios Fusion
Distributed network monitoring made easy. Visualize and manage all of your Nagios monitoring systems from a single screen.
Ready to Try Nagios?
You can try any of our solutions free for 30 days with no restrictions. Monitor your entire IT infrastructure, quickly sort log data, or analyze your bandwidth with Nagios. Nagios is helping organizations around the world make better business decisions with proven IT infrastructure monitoring, data collection, and netflow analysis solutions.
Related news
This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apache user. Valid credentials for a Nagios XI user are required. This module has been successfully tested against official NagiosXI OVAs versions 5.5.6 through 5.7.5.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
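For defenders reviewing web server logs on a Nagios XI host, the following added example (not code from Nagios or from the Metasploit module) flags requests that address the windowswmi, switch, or cloud-vm configuration wizards and carry shell metacharacters in any query parameter. The Apache combined log format, the URL path, and the `wizard` and `address` parameter names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Wizard names taken from the advisory text above.
AFFECTED_WIZARDS = {"windowswmi", "switch", "cloud-vm"}
# Characters that can terminate or chain a shell command when left unescaped.
SHELL_META = re.compile(r"[;|&`$<>\n\r]")
# Assumption: Apache combined log format.
REQUEST = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_params(target):
    """Return the names of query parameters whose decoded value contains a
    shell metacharacter, but only for requests to an affected wizard."""
    query = dict(parse_qsl(urlsplit(target).query, keep_blank_values=True))
    # Assumption: the wizard is selected by a 'wizard' query parameter.
    if query.get("wizard") not in AFFECTED_WIZARDS:
        return []
    return sorted(name for name, value in query.items() if SHELL_META.search(value))

def scan(lines):
    """Return (line_number, client_ip, parameter_names) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.match(line)
        if not match:
            continue
        names = suspicious_params(match["target"])
        if names:
            hits.append((number, match["ip"], names))
    return hits

# Constructed sample lines (not real traffic); path and 'address' are hypothetical.
SAMPLE = [
    '192.0.2.10 - - [01/Mar/2021:10:00:00 +0000] "GET /nagiosxi/config/monitoringwizard.php?wizard=cloud-vm&address=10.0.0.5 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Mar/2021:10:02:13 +0000] "GET /nagiosxi/config/monitoringwizard.php?wizard=cloud-vm&address=10.0.0.5%3BPLACEHOLDER HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Mar/2021:10:02:40 +0000] "GET /nagiosxi/index.php?q=a%3Bb HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, ip, names in scan(SAMPLE):
        print(f"line {number}: {ip} sent shell metacharacters in {names}")
```

This only sees parameters that appear in the logged request line; values sent in a request body need application-level or WAF logging to inspect.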