CVE-2021-37343: 
Nagios XI vulnerability analysis and mitigation

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component that could lead to post-authenticated remote code execution (RCE) under the security context of the user running Nagios. The vulnerability was disclosed on August 13, 2021, and is tracked as CVE-2021-37343 (NVD, Claroty).

The vulnerability is a path traversal issue that allows an authenticated attacker to write a file inside a directory of the web server, enabling them to drop a webshell or execute PHP scripts, or write PHP code inside a crontab to achieve code execution in the Apache user's context. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impact on confidentiality, integrity, and availability (NVD, Hacker News).

If exploited, this vulnerability allows authenticated attackers to execute arbitrary code under the security context of the Apache web server user (www-data). Since Nagios XI oversees critical network components and core servers, and often contains network secrets such as credentials and API tokens, successful exploitation could lead to significant compromise of the monitored infrastructure (Hacker News).

The vulnerability has been fixed in Nagios XI version 5.8.5. Organizations are strongly advised to upgrade to this version or later to mitigate the risk. Additionally, it is recommended to limit access to the network management system only to privileged insiders and closely monitor access to and activity on it (Help Net Security).