CVE-2024-13997
HIGH WAF: Low
CVSS 7.2
Published: 2025-11-03
CWE-269
Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actions outside the intended security scope of the application, resulting in full control of the operating system.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| nagios | nagios_xi | up to 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
References
- www.nagios.com (Release Notes)
- www.nagios.com (Vendor Advisory)
- www.vulncheck.com (Third Party Advisory)