CVE-2024-13998
Essential information
- Published
- 03/11/2025 22:16
- Modified
- 06/11/2025 16:25
- Author
- —
- Creator
- —
- CVSS
- 6.0 MEDIUM (v3) 6.0 MEDIUM (v4.0)
- CISA KEV
- No
- CWE
- —
- CVSS vector
- CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS metrics
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Attack requirements
- PRESENT
- Privileges required
- LOW
- User interaction
- NONE
- Confidentiality (V)
- HIGH
- Confidentiality (S)
- NONE
- Integrity (V)
- NONE
- Integrity (S)
- NONE
- Availability (V)
- NONE
- Availability (S)
- NONE
- Exploit maturity
- NOT_DEFINED
Description
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts. CVE-2024-13995 addresses a similar vulnerability with a potentially incomplete fix for the underlying problem in earlier versions.
NVD status
- Status
- Analyzed — CVE has had analysis completed and all data associations made.
- Source
- [email protected]
Affected products (CPE)
| Product | CPE |
|---|---|
| nagios / nagios xi | cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* |
| nagios / nagios xi | cpe:2.3:a:nagios:nagios_xi:2024:r1:*:*:*:*:*:* |
| nagios / nagios xi | cpe:2.3:a:nagios:nagios_xi:2024:r1.0.1:*:*:*:*:*:* |
| nagios / nagios xi | cpe:2.3:a:nagios:nagios_xi:2024:r1.0.2:*:*:*:*:*:* |
| nagios / nagios xi | cpe:2.3:a:nagios:nagios_xi:2024:r1.1:*:*:*:*:*:* |
| nagios / nagios xi | cpe:2.3:a:nagios:nagios_xi:2024:r1.1.1:*:*:*:*:*:* |
| nagios / nagios xi | cpe:2.3:a:nagios:nagios_xi:2024:r1.1.2:*:*:*:*:*:* |