PT-2025-44497 · Nagios Enterprises · Nagios XI

Published: 2025-10-30 · Updated: 2025-10-31 · CVE-2024-13994

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Nagios XI versions prior to 2024R1.1.2

Description

Nagios XI versions prior to 2024R1.1.2 have a flaw where authorization checks are absent when the 'Allow Insecure Logins' option is active. This allows any user to generate valid login credentials for other users without the necessary permissions. Successful exploitation could result in unauthorized account creation, privilege escalation, or complete compromise of the Nagios XI web interface, depending on the targeted account.

Recommendations

Update Nagios XI to version 2024R1.1.2 or later.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

BDU:2025-14704
CVE-2024-13994

Affected Products

Nagios XI