PT-2025-44800 · Nagios Enterprises · Nagios XI
Published: 2024-05-28 · Updated: 2025-11-04
CVE-2024-13997
CVSS v4.0: 9.4 (Critical)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
Nagios XI versions prior to 2024R1.1.3
Description
Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation flaw that allows an authenticated administrator to gain root privileges on the host system. The flaw is exploited through the Migrate Server feature, which lets an attacker execute actions beyond the application's intended security boundaries and ultimately gain full control of the operating system.
Recommendations
Update Nagios XI to version 2024R1.1.3 or later.
Fix
LPE
Improper Privilege Management
Affected Products
Nagios XI