PT-2025-44503 · Nagios Enterprises · Nagios XI
Exodus Intelligence · Published 2025-10-30 · Updated 2025-10-30
CVE-2024-14004
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Nagios XI versions prior to 2024R1.2
Description
Nagios XI versions prior to 2024R1.2 have a privilege escalation issue related to how NagVis configuration data (specifically, nagvis.conf) is handled. An authenticated user may be able to gain higher-level access on the Nagios XI system by manipulating NagVis configuration data or exploiting inadequately validated configuration settings.
Recommendations
Update to version 2024R1.2 or later.
Fix
LPE
Improper Privilege Management
Affected Products
Nagios XI