CISA Known Exploited Vulnerability

CVE-2021-25297

Nagios · Nagios XI

Nagios XI OS Command Injection

Date added 2022-01-18

BOD 22-01 due date 2022-02-01

CWE CWE-78, CWE-138

Ransomware Unknown

CISA description

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

Required action

Apply updates per vendor instructions.

Notes & references

https://nvd.nist.gov/vuln/detail/CVE-2021-25297

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

External lookups