CVE-2024-13997
BaseFortify
Publication date: 2025-11-03
Last updated on: 2025-11-06
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nagios | nagios_xi | to 2024 (exc) |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Nagios XI versions prior to 2024R1.1.3 and allows an authenticated administrator to escalate their privileges to root on the underlying host system. By exploiting the Migrate Server feature, an admin-level attacker can perform actions beyond the intended security boundaries of the application, gaining full control over the operating system.
How can this vulnerability impact me?
If exploited, this vulnerability can give an attacker with admin access complete control over the operating system hosting Nagios XI. This means the attacker could execute arbitrary commands as root, potentially leading to data theft, system compromise, disruption of services, or further attacks within the network.