The vulnerabilities were discovered by researchers at industrial cybersecurity firm Claroty as part of a research project focusing on the use of network management systems in IT, OT and IoT networks.
The security holes have been found to impact Nagios XI, XI Switch Wizard, XI Docker Wizard, and XI WatchGuard. The vendor released patches for each of the impacted products in August.
Nagios Core is an open source tool designed for monitoring IT infrastructure, and Nagios XI is a commercial version that expands the Core version’s capabilities. The vendor says its software is used by thousands of organizations worldwide, including some major brands such as Verizon and IBM.