CVE-2021-36363

9.8 CRITICAL

📋 TL;DR

Nagios XI versions before 5.8.5 have incorrect permissions on migrate.php, allowing unauthorized access. This vulnerability affects Nagios XI monitoring systems and could allow attackers to execute arbitrary code or access sensitive data. All Nagios XI installations below version 5.8.5 are vulnerable.

💻 Affected Systems

Products:
  • Nagios XI
Versions: All versions before 5.8.5
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Nagios XI is typically deployed on Linux systems for network monitoring.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.

🟠 Likely Case: Unauthorized access to sensitive monitoring data, configuration files, and potential privilege escalation.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls, potentially only information disclosure.

🌐 Internet-Facing: HIGH - Directly accessible web interface with critical vulnerability.
🏢 Internal Only: HIGH - Internal attackers or compromised systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability involves incorrect file permissions allowing unauthorized access to a critical script.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.8.5

Vendor Advisory: https://www.nagios.com/downloads/nagios-xi/change-log/

Restart Required: No

Instructions:

1. Back up your Nagios XI configuration.
2. Download Nagios XI 5.8.5 or later from the official Nagios website.
3. Follow the upgrade instructions in the Nagios XI documentation.
4. Verify that the migrate.php file permissions are properly set.

🔧 Temporary Workarounds

Restrict migrate.php permissions (Linux)

Manually set correct permissions on the vulnerable migrate.php file to prevent unauthorized access:

chmod 600 /usr/local/nagiosxi/html/includes/migrate.php
chown nagios:nagios /usr/local/nagiosxi/html/includes/migrate.php

🧯 If You Can't Patch

  • Implement strict network access controls to limit access to Nagios XI web interface
  • Monitor for unauthorized access attempts to migrate.php in web server logs

🔍 How to Verify

Check if Vulnerable:

Check the Nagios XI version via the web interface or command line. If the version is below 5.8.5, check the migrate.php permissions with:

ls -la /usr/local/nagiosxi/html/includes/migrate.php

Check Version:

grep 'product_version' /usr/local/nagiosxi/etc/xi-sys.cfg | cut -d'=' -f2

Verify Fix Applied:

Verify that the Nagios XI version is 5.8.5 or higher, and that migrate.php has mode 600 and is owned by nagios:nagios.
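The two checks above combined into one read-only script, as an added example that is not part of the advisory or of Nagios XI itself. It uses the advisory's config path, version command and migrate.php path; the XI_CFG, MIGRATE and EXPECTED_OWNER variables are assumptions added so the script can be pointed at other locations for testing.

```shell
#!/bin/sh
# Added example (not from the advisory or Nagios): read-only check for CVE-2021-36363
# exposure. Paths default to the advisory's; override via environment for testing.
XI_CFG="${XI_CFG:-/usr/local/nagiosxi/etc/xi-sys.cfg}"
MIGRATE="${MIGRATE:-/usr/local/nagiosxi/html/includes/migrate.php}"
EXPECTED_OWNER="${EXPECTED_OWNER:-nagios:nagios}"
FIXED_VERSION="5.8.5"

# version_lt A B: succeed when dotted version A is strictly lower than B.
# Component-wise numeric compare, so 5.8.10 correctly sorts above 5.8.5.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            p = (i <= n) ? x[i] + 0 : 0; q = (i <= m) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# installed_version CFG: product_version from xi-sys.cfg, quotes/spaces stripped.
installed_version() {
    grep 'product_version' "$1" | head -n 1 | cut -d'=' -f2 | tr -d "'\" \r"
}

# file_mode / file_owner: GNU stat first, BSD stat as a fallback.
file_mode()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
file_owner() { stat -c '%U:%G' "$1" 2>/dev/null || stat -f '%Su:%Sg' "$1"; }

# migrate_perms_ok FILE OWNER: the workaround state (mode 600, owned by OWNER).
migrate_perms_ok() {
    [ "$(file_mode "$1")" = "600" ] && [ "$(file_owner "$1")" = "$2" ]
}

# check_host: prints fixed / workaround / vulnerable / unknown; exits 1 if vulnerable.
check_host() {
    ver=$(installed_version "$XI_CFG")
    [ -n "$ver" ] || { echo "unknown (no product_version in $XI_CFG)"; return 2; }
    if version_lt "$ver" "$FIXED_VERSION"; then
        if migrate_perms_ok "$MIGRATE" "$EXPECTED_OWNER"; then
            echo "workaround (version $ver, migrate.php locked down)"; return 0
        fi
        echo "vulnerable (version $ver below $FIXED_VERSION)"; return 1
    fi
    echo "fixed (version $ver)"; return 0
}
```

Run it as root on the Nagios XI host (`sh check.sh; echo $?`); a non-zero exit means the host is still exposed and the workaround has not been applied.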

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to /includes/migrate.php in web server logs
  • Unusual file permission changes on migrate.php

Network Indicators:

  • HTTP requests to migrate.php from unexpected sources
  • Unusual outbound connections from Nagios XI server

SIEM Query:

(source="apache" OR source="nginx") AND (url="/includes/migrate.php" OR url="*migrate.php*")
