CVE-2021-25298: Nagios - Network, Server and Log Monitoring Software

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php because input controlled by an authenticated user is not properly sanitized. A single HTTP request can lead to OS command injection on the Nagios XI server.


What Can Nagios Help You Do?

Windows Monitoring

Linux Monitoring

Server Monitoring

Application Monitoring

SNMP Monitoring

Log Monitoring

Nagios XI provides monitoring of all mission-critical infrastructure components including applications, services, operating systems, network protocols, systems metrics, and network infrastructure. Hundreds of third-party addons provide for monitoring of virtually all in-house and external applications, services, and systems.

Nagios Log Server greatly simplifies the process of searching your log data. Set up alerts to notify you when potential threats arise, or simply query your log data to quickly audit any system. With Nagios Log Server, you get all of your log data in one location, with high availability and fail-over built right in. Did we mention no data limits?

Nagios Fusion offers your network a high degree of visibility and scalability, helping solve problems that come with multiple networks and geographical separation. By allowing you to visualize multiple Nagios XI and Core servers in one location, network management becomes simplified by centralization.

See how we help thousands of companies save money and eliminate downtime


EverWatch Global

Nagios helps e-commerce retail giant reach $125,000,000 in additional sales with to 98% annual uptime.

Astiostech

Single-point monitoring and high availability for 2,500+ servers and 5,000+ network devices.

The University of St. Thomas

University uses better data to improve purchasing decisions, bandwidth allocation, and reaction to anomalies.

Petrofac

Energy solutions giant sees increased capabilities, productivity by deploying Nagios.

Gain extended insight into your network with enterprise-class network monitoring, alerting, and analysis.

**Nagios Network Analyzer**

Network traffic, bandwidth monitoring, and flow analysis for your entire IT infrastructure.

**Nagios Log Server**

Get the most out of your data. Monitor, manage, visualize, archive, analyze, and alert on all of your log data.

Nagios Fusion

Distributed network monitoring made easy. Visualize and manage all of your Nagios monitoring systems from a single screen.

Ready to Try Nagios?

You can try any of our solutions free for 30 days with no restrictions. Monitor your entire IT infrastructure, quickly sort log data, or analyze your bandwidth with Nagios. Nagios is helping organizations around the world make better business decisions with proven IT infrastructure monitoring, data collection, and netflow analysis solutions.

Related news

Nagios XI 5.7.5 Remote Code Execution

This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apache user. Valid credentials for a Nagios XI user are required. This module has been successfully tested against official NagiosXI OVAs versions 5.5.6 through 5.7.5.

CVE-2019-9167: Security Disclosures - Nagios

Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
