CVE-2021-47700

Severity: 7.8 HIGH

📋 TL;DR

Nagios XI versions before 5.8.7 use insecure permissions on a temporary directory for Highcharts exports, allowing local or co-hosted processes to read, modify, or delete exported files. This vulnerability could lead to data disclosure, tampering, or potentially code execution depending on deployment configuration. Organizations running Nagios XI versions prior to 5.8.7 are affected.

💻 Affected Systems

Products:
  • Nagios XI
Versions: All versions prior to 5.8.7
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations where Nagios XI runs under the Apache user with insecure temporary directory permissions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attackers or co-hosted processes achieve code execution by manipulating exported files, potentially compromising the entire Nagios XI monitoring system and the infrastructure it monitors.

🟠 Likely Case

Unauthorized access to sensitive monitoring data, manipulation of exported charts/reports, or denial of service by deleting critical export files.

🟢 If Mitigated

Limited to information disclosure of exported chart data if proper isolation prevents code execution.

🌐 Internet-Facing: MEDIUM - While primarily a local vulnerability, internet-facing Nagios XI instances could be exploited if attackers gain initial access through other means.
🏢 Internal Only: HIGH - Internal attackers or compromised systems on the same host can directly exploit this vulnerability to access sensitive monitoring data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access or ability to run processes on the same host as Nagios XI. The vulnerability is straightforward to exploit once local access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.8.7

Vendor Advisory: https://www.nagios.com/changelog/nagios-xi/

Restart Required: Yes

Instructions:

1. Back up the current Nagios XI configuration and data.
2. Download Nagios XI 5.8.7 or later from the Nagios website.
3. Follow the official upgrade instructions at https://assets.nagios.com/downloads/nagiosxi/docs/Upgrading-Nagios-XI.pdf.
4. Restart the Apache and Nagios services after the upgrade.

🔧 Temporary Workarounds

Secure temporary directory permissions (Linux)

Manually adjust the permissions on the Highcharts temporary directory to restrict access:

chmod 700 /usr/local/nagiosxi/var/components/highcharts/tmp
chown nagios:nagios /usr/local/nagiosxi/var/components/highcharts/tmp

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local access to Nagios XI server
  • Isolate Nagios XI on dedicated hardware or virtual machine with no other services running

🔍 How to Verify

Check if Vulnerable:

Check the Nagios XI version via the web interface (Admin > About) or on the command line:

grep 'fullversion' /usr/local/nagiosxi/var/xiversion

Verify Fix Applied:

Confirm the version is 5.8.7 or later and check the directory permissions:

ls -la /usr/local/nagiosxi/var/components/highcharts/tmp
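The script below is an added example, not part of this advisory and not Nagios's own tooling. It automates the two checks above: it reads the fullversion value from the xiversion file, compares it with 5.8.7, and confirms that the Highcharts tmp directory is neither group- nor world-writable (and, optionally, owned by the expected user). It assumes GNU coreutils stat (Linux, as listed under Affected Systems) and that the xiversion file contains a line of the form fullversion=5.8.6; both are assumptions, and the file paths can be overridden through the two environment variables.

```shell
#!/bin/sh
# Added example for CVE-2021-47700 (not Nagios's own tooling).
# Assumptions: GNU coreutils stat (Linux); the xiversion file holds a line
# of the form "fullversion=5.8.6" (format assumed, not confirmed here).

NAGIOSXI_VERSION_FILE="${NAGIOSXI_VERSION_FILE:-/usr/local/nagiosxi/var/xiversion}"
HIGHCHARTS_TMP="${HIGHCHARTS_TMP:-/usr/local/nagiosxi/var/components/highcharts/tmp}"
FIXED_VERSION="5.8.7"

# Print the value of the fullversion line from an xiversion-style file,
# stripping quotes and whitespace; prints nothing if the line is absent.
xi_read_fullversion() {
    grep '^fullversion' "$1" 2>/dev/null | head -n 1 \
        | sed 's/^fullversion[[:space:]]*=[[:space:]]*//' | tr -d '"[:space:]'
}

# Return 0 when dotted version $1 is strictly older than $2.
# Fields are compared numerically; missing trailing fields count as 0.
version_lt() {
    i=1
    while :; do
        x=$(printf '%s.' "$1" | cut -d. -f"$i" | tr -cd '0-9')
        y=$(printf '%s.' "$2" | cut -d. -f"$i" | tr -cd '0-9')
        [ -z "$x" ] && [ -z "$y" ] && return 1   # ran out of fields: equal
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
}

# Return 0 when directory $1 exists and is neither group- nor world-writable.
# If $2 is given (user name or numeric uid), the directory must be owned by it.
tmp_dir_hardened() {
    dir="$1"
    [ -d "$dir" ] || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    other=$((mode % 10))          # last octal digit: "other" bits
    group=$((mode / 10 % 10))     # second-to-last digit: group bits
    [ $((other & 2)) -eq 0 ] || return 1   # world-writable
    [ $((group & 2)) -eq 0 ] || return 1   # group-writable
    if [ -n "$2" ]; then
        [ "$(stat -c '%U' "$dir")" = "$2" ] \
            || [ "$(stat -c '%u' "$dir")" = "$2" ] || return 1
    fi
    return 0
}

# Combined verdict. Returns 0 when the host looks fixed (version >= 5.8.7 and
# hardened tmp dir), 1 when it needs attention, 2 when the version is unreadable.
check_cve_2021_47700() {
    ver=$(xi_read_fullversion "$1")
    if [ -z "$ver" ]; then
        echo "cannot read fullversion from $1"
        return 2
    fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "Nagios XI $ver is older than $FIXED_VERSION: VULNERABLE (CVE-2021-47700)"
        return 1
    fi
    if tmp_dir_hardened "$2"; then
        echo "Nagios XI $ver with hardened $2: fixed"
        return 0
    fi
    echo "Nagios XI $ver, but $2 is group/world-writable or missing: review permissions"
    return 1
}

# Run against the live paths only when the version file is present.
if [ -r "$NAGIOSXI_VERSION_FILE" ]; then
    check_cve_2021_47700 "$NAGIOSXI_VERSION_FILE" "$HIGHCHARTS_TMP" || :
fi
```

When applying the chmod/chown workaround above, remember that this advisory notes Nagios XI's web components run under the Apache user: after restricting the directory, confirm that user can still write exports there, otherwise chart exports fail with the permission-denied errors listed under Detection & Monitoring. Pass that user as the second argument to tmp_dir_hardened if you want the ownership checked as well.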

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized file access attempts in /usr/local/nagiosxi/var/components/highcharts/tmp
  • Apache error logs showing permission denied errors for Highcharts exports

Network Indicators:

  • Unusual local process communication with Nagios XI server

SIEM Query:

source="apache" AND (path="*highcharts*" OR message="*permission denied*")
