PT-2025-44506 · Nagios Enterprises · Nagios Xi
Leo Trinh
·
Published
2025-10-30
·
Updated
2025-10-31
·
CVE-2024-14008
CVSS v4.0
9.4
Critical
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
Nagios XI versions prior to 2024R1.3.2
Description
Nagios XI is affected by a remote command execution issue in the WinRM Configuration Wizard. A lack of proper input validation allows an authenticated administrator to inject shell metacharacters into backend command invocations. Successful exploitation can lead to arbitrary command execution with the privileges of the Nagios XI web application user. The vulnerable component is the WinRM Configuration Wizard. The issue involves insufficient validation of user-supplied input.
Recommendations
Update Nagios XI to version 2024R1.3.2 or later.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nagios Xi