← Voltar para CVEs
CVE-2024-13994
CRITICAL9.8
Descricao
Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation, privilege escalation, or full compromise of the Nagios XI web interface depending on the target account.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado10/30/2025
Ultima modificacao11/6/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
nagios:nagios_xi
Fraquezas (CWE)
CWE-862
Referencias
https://www.nagios.com/changelog/nagios-xi/(disclosure@vulncheck.com)
https://www.nagios.com/products/security/#nagios-xi(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/nagios-xi-allow-insecure-logins-missing-authorization(disclosure@vulncheck.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.