PT-2025-44502 · Nagios Enterprises · Nagios XI

Exodus Intelligence · Published 2025-10-30 · Updated 2025-10-30 · CVE-2024-14003

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Nagios XI versions prior to 2024R1.2

Description

The software contains a flaw due to insufficient validation of inbound NRDP (Nagios Remote Data Processor) request parameters. This allows crafted input to reach command execution paths, potentially enabling an attacker to execute arbitrary commands on the underlying host in the context of the web/Nagios service. The issue affects the NRDP server plugins.

Recommendations

Update to version 2024R1.2 or later.

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-14305
CVE-2024-14003

Affected Products

Nagios XI