CVE-2024-24402

Name of the Vulnerable Software and Affected Versions Nagios XI version 2024R1.01

Description The issue exists due to inadequate protection of the web page structure in the Nagios XI monitoring tool, specifically in the /usr/local/nagios/bin/npcd component. This allows a remote attacker to escalate privileges to the level of root via a crafted script.

Recommendations For Nagios XI version 2024R1.01, consider disabling the /usr/local/nagios/bin/npcd component until a patch is available to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.