As per the below article, as many as 11 security vulnerabilities (CVE-2021-37343 and CVE-2021-37347) have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks.
https://thehackernews.com/2021/09/new-n ... d-let.html
We are running version 5.8.5 on our Nagios XI. Do we need to worry about the above vulnerabilities? If yes, then kindly provide us the hotfix/patch update so that we can apply it on our Nagios XI server.
Note: we are not using Docker Wizard, Switch Wizard, WatchGuard Wizard.
Security vulnerability on Nagios xi
-
- Posts: 1288
- Joined: Tue Jun 01, 2021 1:27 pm
Re: Security vulnerability on Nagios xi
Hello @IT-OPS-SYS
Thanks for reaching out. To be fully protected against security threats, please make sure that your environment is on the latest version with patches. Please see:
https://www.nagios.com/products/security/
https://www.nagios.com/security-faq/
If you are sure you are not using Config Wizards, you can move them so they are not accessible for added protection:
Code:
mkdir /root/xi_configwizard_backup
mv /usr/local/nagiosxi/html/includes/configwizards/autodiscovery /root/xi_configwizard_backup/
mv /usr/local/nagiosxi/html/includes/configwizards/watchguard /root/xi_configwizard_backup/
mv /usr/local/nagiosxi/html/includes/configwizards/switch /root/xi_configwizard_backup/
Please let us know if you have further questions,
Perry
-
- Posts: 184
- Joined: Sun Jan 07, 2018 12:56 pm
Re: Security vulnerability on Nagios xi
We are running version 5.8.5, so do we need to worry about these vulnerabilities?
-
- Posts: 1288
- Joined: Tue Jun 01, 2021 1:27 pm
Re: Security vulnerability on Nagios xi
Hello @IT-OPS-SYS
You are correct, you should be protected given they are running XI 5.8.5, but I would suggest upgrading to XI version 5.8.6 since there are other vulnerabilities fixed.
Thanks,
Perry
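A check an administrator could run after following the advice in this thread, as an added example that is not part of the original posts or Nagios's own tooling: it reports whether the three wizard directories from the `mv` commands are still under the web root and whether the supplied version is older than the 5.8.6 release suggested above. The function names are hypothetical, the version is passed in by hand, and `sort -V` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the thread. The directory and wizard names are the
# ones in the thread's mv commands; function names are hypothetical.
# Usage after sourcing this file:  audit 5.8.5
# (the installed version is typed in by the operator)

WIZARD_DIR_DEFAULT=/usr/local/nagiosxi/html/includes/configwizards
WIZARDS="autodiscovery watchguard switch"

# version_lt A B: succeeds when dotted version A is strictly older than B.
# Relies on GNU sort -V, so 5.8.10 correctly sorts after 5.8.6.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$oldest" = "$1" ]
}

# wizards_present DIR: print each wizard from $WIZARDS still found under DIR.
wizards_present() {
    for w in $WIZARDS; do
        [ -e "$1/$w" ] && printf '%s\n' "$w"
    done
    return 0
}

# audit VERSION [DIR]: print findings; return 0 when clean, 1 otherwise.
audit() {
    version=$1
    dir=${2:-$WIZARD_DIR_DEFAULT}
    rc=0
    if version_lt "$version" 5.8.6; then
        echo "UPGRADE: XI $version is older than 5.8.6"
        rc=1
    fi
    left=$(wizards_present "$dir")
    if [ -n "$left" ]; then
        # Unquoted $left joins the names onto one line.
        echo "PRESENT under $dir:" $left
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: XI $version, listed wizards not under $dir"
    return "$rc"
}
```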