Page 1 of 1

CVE-2021-37344

Posted: Thu Sep 23, 2021 12:40 pm
by Master_Chief_Jon
I have seen where the Subject CVE affects Nagios XI, but can anyone tell me if this CVE (and the 12 others) also affects the latest version of Nagios Core (v4.4.6)? Since Nagios Core hasn't been updated in 18 months, I'm GUESSING that those CVEs do affect it.

Re: CVE-2021-37344

Posted: Thu Sep 23, 2021 4:34 pm
by benjaminsmith
Hi Master_Chief_Jon,

That's correct and thanks for asking. Those are related to the config wizards and autodiscovery component. Anyone using those should make sure they are on the latest version. More info on our security page.

https://www.nagios.com/products/security/

--Benjamin

Re: CVE-2021-37344

Posted: Mon Sep 27, 2021 6:50 pm
by mcapra
In the case of CVE-2021-37344 specifically, the "Nagios XI Switch Wizard" is not included with Nagios Core and there would be no cause for concern unless you, for whatever reason, decided to include that component in a Nagios Core installation yourself. It would be quite non-standard to do this.