Platform: nagios
Component: nagios-xi
Fixed in: 2024R1.0.1
CVE-2024-14009 describes a privilege escalation vulnerability discovered in Nagios XI. This flaw allows authenticated administrators to execute actions outside the application's security scope, potentially leading to root access on the XI server. The vulnerability affects versions prior to 2024R1.0.1. A patch is available in version 2024R1.0.1.
The System Profile feature in Nagios XI, designed for administrative diagnostics and configuration, is the root cause of this vulnerability. An attacker, already possessing administrative credentials, can exploit improper access controls and unsafe handling of profile data to escalate their privileges. Successful exploitation grants the attacker root access to the underlying XI server, enabling them to execute arbitrary commands, modify system configurations, and potentially compromise the entire system. This represents a significant security risk, as it bypasses standard application-level security measures and grants direct control over the host operating system. The potential for data exfiltration, system disruption, and further lateral movement within the network is substantial.
CVE-2024-14009 was publicly disclosed on 2025-10-30. Currently, there are no known public proof-of-concept exploits available. The EPSS score is pending evaluation. This vulnerability has not yet been added to the CISA KEV catalog.
Organizations heavily reliant on Nagios XI for monitoring and those with limited network segmentation are particularly at risk. Environments where administrative credentials are broadly distributed or lack strong authentication controls are also more vulnerable. Shared hosting environments running Nagios XI should be carefully assessed for potential exposure.
• linux / server: Monitor Nagios XI logs (typically located in /var/log/nagios/) for unusual activity related to System Profile exports and imports. Look for errors or unexpected commands being executed.

  journalctl -u nagios -f | grep 'System Profile'

• php: Examine Nagios XI configuration files for any unusual or unauthorized settings within the System Profile configuration.

• generic web: Monitor network traffic to and from the Nagios XI server for suspicious requests related to System Profile endpoints. Use a web application firewall (WAF) to detect and block malicious requests.
disclosure
Exploit status
EPSS: 0.20% (42nd percentile)
CISA SSVC
The primary mitigation for CVE-2024-14009 is to immediately upgrade Nagios XI to version 2024R1.0.1 or later. If upgrading is not immediately feasible, consider restricting access to the System Profile feature to a minimal set of trusted administrators. Review and audit existing System Profile configurations to identify any potentially malicious settings. While a WAF or proxy cannot directly mitigate this vulnerability, implementing strict network segmentation and access controls can limit the potential impact of a successful exploitation. After upgrading, confirm the fix by attempting to export and import a System Profile as an administrator and verifying that no unauthorized actions are executed.
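An added example (not from the advisory or from Nagios) that applies the detection and mitigation guidance above: it scans constructed, syslog-style Nagios XI log lines for System Profile export/import events, flags any performed by an account outside an allow-list of trusted administrators, and checks a reported XI version string against the fixed release. The log line layout and its user/action/src fields are assumptions; adapt LINE_RE to the real files under /var/log/nagios/.

```python
import re
from dataclasses import dataclass

FIXED_VERSION = "2024R1.0.1"   # first release containing the fix, per the advisory

# Constructed sample log lines (not real Nagios XI output). The real files under
# /var/log/nagios/ use their own layout, so LINE_RE is an assumption to adapt.
SAMPLE_LOG = """\
2025-10-30T09:12:01 nagiosxi: user=nagiosadmin action="System Profile export" src=10.0.0.5
2025-10-30T09:14:44 nagiosxi: user=nagiosadmin action="System Profile import" src=10.0.0.5
2025-10-30T23:58:10 nagiosxi: user=contractor1 action="System Profile import" src=203.0.113.9
2025-10-30T23:58:12 nagiosxi: user=contractor1 action="host status view" src=203.0.113.9
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) \S+: user=(?P<user>\S+) action="(?P<action>[^"]+)" src=(?P<src>\S+)$'
)

@dataclass
class ProfileEvent:
    ts: str
    user: str
    action: str
    src: str

def profile_events(log_text):
    """Every System Profile export/import recorded in the log, in order."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["action"].lower().startswith("system profile"):
            events.append(ProfileEvent(m["ts"], m["user"], m["action"], m["src"]))
    return events

def untrusted_profile_events(log_text, trusted_admins):
    """Profile exports/imports by accounts outside the trusted-admin allow-list."""
    return [e for e in profile_events(log_text) if e.user not in trusted_admins]

def parse_xi_version(version):
    """'2024R1.0.1' -> (2024, 1, 0, 1); older dotted releases such as '5.11.3'
    -> (5, 11, 3). Tuple comparison then orders releases correctly."""
    return tuple(int(p) for p in re.split(r"[R.]", version.strip()))

def is_affected(version):
    """True for any release earlier than FIXED_VERSION (i.e. prior to the fix)."""
    return parse_xi_version(version) < parse_xi_version(FIXED_VERSION)

if __name__ == "__main__":
    for e in untrusted_profile_events(SAMPLE_LOG, {"nagiosadmin"}):
        print(f"ALERT {e.ts} {e.user}@{e.src}: {e.action}")
    print("affected:", is_affected("2024R1"))
```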
Upgrade Nagios XI to version 2024R1.0.1 or later. This update fixes the privilege escalation vulnerability in the System Profile component. The upgrade can be performed through the Nagios XI administration interface or by downloading the latest version from the Nagios website.
CVE-2024-14009 is a vulnerability in Nagios XI versions prior to 2024R1.0.1 that allows an authenticated administrator to escalate privileges and potentially gain root access to the XI server.
If you are running a Nagios XI version earlier than 2024R1.0.1, you are potentially affected by this vulnerability. Upgrade to version 2024R1.0.1 or later to mitigate the risk.
The recommended fix is to upgrade Nagios XI to version 2024R1.0.1 or a later version that includes the security patch. Restricting access to the System Profile feature can provide a temporary workaround.
As of 2025-10-30, there are no confirmed reports of active exploitation of CVE-2024-14009, but it's crucial to apply the patch promptly.
Please refer to the official Nagios XI security advisory for detailed information and updates regarding CVE-2024-14009: https://support.nagios.com/kb/article/137677/nagios-xi-security-advisory-cve-2024-14009/