CVE-2024-13997: Privilege Escalation in Nagios XI

Platform

nagios

Component

nagios-xi

Fixed in

2024R1.1.3

AI Confidence: high
NVD
EPSS: 0.2%
Reviewed: May 2026

CVE-2024-13997 describes a privilege escalation vulnerability discovered in Nagios XI. An authenticated administrator can abuse the Migrate Server feature to escalate their privileges to root on the underlying Linux host. This vulnerability affects Nagios XI versions prior to 2024R1.1.3 and has been resolved with the release of version 2024R1.1.3.

Impact and Attack Scenarios

Successful exploitation of CVE-2024-13997 allows an authenticated administrator to gain root privileges on the Nagios XI server. This grants the attacker complete control over the operating system, enabling them to install malware, modify system configurations, access sensitive data, and potentially pivot to other systems within the network. The impact is significant, as it bypasses the intended security boundaries of the Nagios XI application and grants unrestricted access to the underlying infrastructure. This is particularly concerning in environments where Nagios XI is used to monitor critical infrastructure, as a compromised XI server could be used to disrupt operations or exfiltrate sensitive data.

Exploitation Context

CVE-2024-13997 was publicly disclosed on November 3, 2025. Currently, there is no indication of active exploitation in the wild. The vulnerability is not listed on the CISA KEV catalog at the time of this writing. Public proof-of-concept code is not yet available, but the vulnerability's nature suggests that it is likely to be exploited once a PoC is released.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No

EPSS

0.20% (42nd percentile)

CISA SSVC

Exploitation: none
Automatable: yes
Technical Impact: total

Affected Software

Component: nagios-xi
Vendor: Nagios
Minimum version: 0
Maximum version: 2024R1.1.2
Fixed in: 2024R1.1.3

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2024-13997 is to upgrade Nagios XI to version 2024R1.1.3 or later. If an immediate upgrade is not feasible, consider restricting access to the Migrate Server feature to only trusted administrators. While not a complete solution, implementing strict role-based access control (RBAC) can limit the potential damage if the vulnerability is exploited. Monitor Nagios XI logs for any unusual activity related to the migration process. After upgrading, confirm the fix by attempting to trigger the Migrate Server feature with an administrator account and verifying that privilege escalation is prevented.
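The affected range on this page (every release up to and including 2024R1.1.2, fixed in 2024R1.1.3) is easy to get wrong by eyeballing version strings, because Nagios XI uses both the older dotted scheme (e.g. 5.x.y) and the newer year-based scheme (2024R1.x.y). The following is an added example, not code from Nagios or from this advisory: it parses both version formats into comparable tuples and flags which hosts in a constructed inventory still need the upgrade. The inventory, host names and the assumed `key=value` layout of a version file are all constructed for the example.

```python
"""Check Nagios XI version strings against the CVE-2024-13997 fixed version.

Added example for triage; not Nagios code. Assumptions are marked inline.
"""
import re

# Fixed version taken from the advisory text above.
FIXED_VERSION = "2024R1.1.3"

# Accepts "2024R1.1.2" (year, release, dotted components) and plain dotted
# versions such as "5.11.3". Anything else is rejected rather than guessed.
_VERSION_RE = re.compile(r"^(\d+)(?:R(\d+))?((?:\.\d+)*)$")


def parse_xi_version(version: str) -> tuple[int, ...]:
    """Turn a Nagios XI version string into a comparable tuple.

    The leading number (year or major), the optional "R" release number and
    the dotted components are compared position by position. Missing trailing
    components are padded with zeros so that "2024R1.1" == "2024R1.1.0".
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Nagios XI version string: {version!r}")
    head = int(m.group(1))
    release = int(m.group(2)) if m.group(2) else 0
    rest = [int(p) for p in m.group(3).split(".") if p]
    parts = [head, release, *rest]
    return tuple(parts + [0] * max(0, 5 - len(parts)))


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the fixed release.

    The advisory lists the minimum affected version as 0, so every release
    below the fix (including all 5.x releases) is treated as affected.
    """
    return parse_xi_version(version) < parse_xi_version(fixed)


def version_from_keyvalue_text(text: str) -> str:
    """Extract a version from key=value text (assumed layout, not verified
    against any real Nagios file). Prefers a 'full' key, then 'version'."""
    values = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip()
    for key in ("full", "version"):
        if key in values:
            return values[key]
    raise ValueError("no version key found")


# Constructed inventory: host name -> reported Nagios XI version.
CONSTRUCTED_INVENTORY = {
    "xi-prod-01": "2024R1.1.2",   # last affected release
    "xi-prod-02": "2024R1.1.3",   # fixed
    "xi-lab-01": "5.11.3",        # older dotted scheme, affected
    "xi-dev-01": "2024R1.2",      # later than the fix, not affected
}


def hosts_needing_upgrade(inventory: dict[str, str]) -> list[str]:
    """Return the sorted host names whose version is still affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    for host, ver in CONSTRUCTED_INVENTORY.items():
        state = "AFFECTED - upgrade to " + FIXED_VERSION if is_affected(ver) else "ok"
        print(f"{host:12} {ver:12} {state}")
    # Constructed sample of the assumed key=value layout.
    sample = "version=2024R1.1.2\nrelease=1\nfull=2024R1.1.2\n"
    print("parsed from sample text:", version_from_keyvalue_text(sample))
```

The comparison is deliberately strict about input: an unparseable string raises instead of silently reading as "not affected", which is the failure mode you want to avoid in a fleet check.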

How to fix

Update Nagios XI to version 2024R1.1.3 or later. This update fixes the privilege escalation vulnerability in the server migration feature. After updating, make sure to review the system's permissions and configuration to confirm that no unauthorized changes have been made.

Frequently asked questions

What is CVE-2024-13997 — Privilege Escalation in Nagios XI?

CVE-2024-13997 is a vulnerability in Nagios XI allowing authenticated administrators to gain root privileges via the Migrate Server feature, potentially compromising the entire system.

Am I affected by CVE-2024-13997 in Nagios XI?

You are affected if you are running any Nagios XI version up to and including 2024R1.1.2 (the listed affected range is 0 through 2024R1.1.2). Upgrade to 2024R1.1.3 or later to mitigate the risk.

How do I fix CVE-2024-13997 in Nagios XI?

Upgrade Nagios XI to version 2024R1.1.3 or later. As a temporary workaround, restrict access to the Migrate Server feature to trusted administrators.

Is CVE-2024-13997 being actively exploited?

There is currently no evidence of active exploitation in the wild, but the vulnerability's nature suggests potential for future exploitation.

Where can I find the official Nagios XI advisory for CVE-2024-13997?

Refer to the official Nagios XI security advisory for detailed information and instructions: https://support.nagios.com/kb/article/136237/nagios-xi-security-advisory-cve-2024-13997/