CVE-2021-37344

Engage with the community of users including those using the open source solutions.
Includes Nagios Core, Plugins, and NCPA

CVE-2021-37344

Postby Master_Chief_Jon » Thu Sep 23, 2021 12:40 pm

I have seen where the Subject CVE affects Nagios XI, but can anyone tell me if this CVE (and the 12 others) also affects the latest version of Nagios Core (v4.4.6)? Since Nagios Core hasn't been updated in 18 months, I'm GUESSING that those CVEs do affect it.
Master_Chief_Jon
 
Posts: 23
Joined: Fri Nov 19, 2010 1:31 pm

Re: CVE-2021-37344

Postby benjaminsmith » Thu Sep 23, 2021 4:34 pm

Hi Master_Chief_Jon,

That's correct and thanks for asking. Those are related to the config wizards and autodiscovery component. Anyone using those should make sure they are on the latest version. More info on our security page.

https://www.nagios.com/products/security/

--Benjamin
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
benjaminsmith
 
Posts: 5083
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: CVE-2021-37344

Postby mcapra » Mon Sep 27, 2021 6:50 pm

In the case of CVE-2021-37344 specifically, the "Nagios XI Switch Wizard" is not included with Nagios Core and there would be no cause for concern unless you, for whatever reason, decided to include that component in a Nagios Core installation yourself. It would be quite non-standard to do this.
Former Nagios employee
https://www.mcapra.com/
User avatar
mcapra
 
Posts: 3724
Joined: Thu May 05, 2016 3:54 pm


Return to Community Support

Who is online

Users browsing this forum: Majestic-12 [Bot] and 31 guests