8.8

CVE-2024-14004

Nagios XI < 2024R1.2 Privilege Escalation via NagVis Configuration (nagvis.conf)

Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration settings to obtain elevated privileges on the Nagios XI system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NagiosNagios Xi Version < 2024
NagiosNagios Xi Version2024 Updater1
NagiosNagios Xi Version2024 Updater1.0.1
NagiosNagios Xi Version2024 Updater1.0.2
NagiosNagios Xi Version2024 Updater1.1
NagiosNagios Xi Version2024 Updater1.1.1
NagiosNagios Xi Version2024 Updater1.1.2
NagiosNagios Xi Version2024 Updater1.1.3
NagiosNagios Xi Version2024 Updater1.1.4
NagiosNagios Xi Version2024 Updater1.1.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.249
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.