CVE-2021-37344

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
Master_Chief_Jon
Posts: 23
Joined: Fri Nov 19, 2010 1:31 pm

CVE-2021-37344

Post by Master_Chief_Jon »

I have seen where the Subject CVE affects Nagios XI, but can anyone tell me if this CVE (and the 12 others) also affects the latest version of Nagios Core (v4.4.6)? Since Nagios Core hasn't been updated in 18 months, I'm GUESSING that those CVEs do affect it.
benjaminsmith
Posts: 5324
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: CVE-2021-37344

Post by benjaminsmith »

Hi Master_Chief_Jon,

That's correct and thanks for asking. Those are related to the config wizards and autodiscovery component. Anyone using those should make sure they are on the latest version. More info on our security page.

https://www.nagios.com/products/security/

--Benjamin
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: CVE-2021-37344

Post by mcapra »

In the case of CVE-2021-37344 specifically, the "Nagios XI Switch Wizard" is not included with Nagios Core and there would be no cause for concern unless you, for whatever reason, decided to include that component in a Nagios Core installation yourself. It would be quite non-standard to do this.
Former Nagios employee
https://www.mcapra.com/
Locked