CRITICAL🇵🇱 Wersja polska

CVE-2024-14003

CVSS 9.4v4.0pub. 2025-10-30upd. 2025-11-06

Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor) server plugins. Insufficient validation of inbound NRDP request parameters allows crafted input to reach command execution paths, enabling attackers to execute arbitrary commands on the underlying host in the context of the web/Nagios service.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Nagios Xi

    APP
    Nagios
    2024< 2024
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2024-13997CRITICAL9.4PL ✓ten sam produkt

Nagios XI — privilege escalation do root via Migrate Server

CVE-2024-13996CRITICAL9.2PL ✓ten sam produkt

Nagios XI — brak unieważniania sesji po zmianie hasła (CVE-2024-13996)

CVE-2020-36856CRITICAL9.4PL ✓ten sam produkt

Nagios XI — authenticated RCE przez command injection w CCM

CVE-2023-7317CRITICAL9.4PL ✓ten sam produkt

Nagios XI – brak kontroli dostępu w Web SSH Terminal (RCE/ujawnienie danych)

CVE-2024-14005CRITICAL9.4PL ✓ten sam produkt

Command injection w Nagios XI — podatność w Docker Wizard

CVE-2024-14003 — Nagios — Nagios Xi — CRITICAL — CVSS 9.4 | CVEbaza.pl