CVE-2024-13997

216.73.217.22

· Published 03/11/2025 22:16 · Modified 06/11/2025 16:24

Labels: CVE-2024-13997 2025-11-03 CVE-2024-13997 CWE-269 [email protected]

Essential information

Published: 03/11/2025 22:16
Modified: 06/11/2025 16:24
Author: —
Creator: —
CVSS: 9.4 CRITICAL (v3) 9.4 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actions outside the intended security scope of the application, resulting in full control of the operating system.

NVD status

Status: Analyzed — CVE has had analysis completed and all data associations made.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
nagios / nagios xi	`cpe:2.3:a:nagios:nagios_xi::::::::`
nagios / nagios xi	`cpe:2.3:a:nagios:nagios_xi:2024:r1::::::`
nagios / nagios xi	`cpe:2.3:a:nagios:nagios_xi:2024:r1.0.1::::::`
nagios / nagios xi	`cpe:2.3:a:nagios:nagios_xi:2024:r1.0.2::::::`
nagios / nagios xi	`cpe:2.3:a:nagios:nagios_xi:2024:r1.1::::::`
nagios / nagios xi	`cpe:2.3:a:nagios:nagios_xi:2024:r1.1.1::::::`
nagios / nagios xi	`cpe:2.3:a:nagios:nagios_xi:2024:r1.1.2::::::`