Executive Summary

CVE-2024-13992 is a cross-site scripting (XSS) vulnerability in Nagios XI versions prior to 2024R1.1. It occurs in the page-missing.php component, which handles the 404 error page. This component does not properly validate or escape user-supplied input when a user visits the missing page after following a link from another website. An attacker can craft a malicious URL that executes arbitrary JavaScript in the victim's browser within the Nagios XI domain when visited. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an attacker to execute arbitrary JavaScript in the victim's browser within the Nagios XI domain. This could lead to actions such as session hijacking, defacement, or other malicious activities performed in the context of the victim's session. However, the CVSS score indicates no direct impact on confidentiality, integrity, or availability, and the attack requires user interaction and low privileges. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if your Nagios XI installation is a version prior to 2024R1.1 and by testing if the page-missing.php (404 error page) improperly handles user-supplied input. One way to detect it is to craft a URL that points to a non-existent page on your Nagios XI server with malicious JavaScript code embedded in the URL parameters and observe if the script executes in the browser. There are no specific commands provided in the resources to detect this vulnerability on the network or system. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade Nagios XI to version 2024R1.1 or later, where the issue in page-missing.php has been fixed. Applying this update will address the cross-site scripting vulnerability. Additionally, avoid clicking on suspicious links that lead to the 404 page in Nagios XI until the update is applied. [2]

Useful 0 Not Useful 0