PT-2025-44504 · Nagios Enterprises · Nagios Xi
Exodus Intelligence
·
Published
2025-10-30
·
Updated
2025-10-31
·
CVE-2024-14005
CVSS v4.0
9.4
Critical
| AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
Nagios XI versions prior to 2024R1.2
Description
Nagios XI versions prior to 2024R1.2 have a command injection issue in the Docker Wizard. A lack of proper input validation allows a user with administrator privileges to inject shell metacharacters. This can lead to arbitrary command execution with the privileges of the Nagios XI web application user. The vulnerable component is the Docker Wizard, where user-supplied input is not sufficiently validated before being used in backend command invocations.
Recommendations
Update Nagios XI to version 2024R1.2 or later.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nagios Xi