← Back to CVEs

CVE-2024-13986

HIGH

8.8

Description

Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename operations. Exploitation results in the placement of attacker-controlled PHP files in a web-accessible directory, executed as the www-data user.

CVE Details

CVSS v3.1 Score8.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published8/28/2025

Last Modified11/4/2025

Sourcenvd

Honeypot Sightings0

Affected Products

nagios:nagios_xi

Weaknesses (CWE)

CWE-22CWE-434CWE-22CWE-434

References

https://theyhack.me/Nagios-XI-Authenticated-RCE(disclosure@vulncheck.com)

https://www.nagios.com/changelog/nagios-xi/(disclosure@vulncheck.com)

https://www.nagios.com/products/security/#nagios-xi(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/nagios-xi-authenticated-arbitrary-file-upload-path-traversal-rce(disclosure@vulncheck.com)

https://theyhack.me/Nagios-XI-Authenticated-RCE/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.