
Description

Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename operations. Exploitation results in the placement of attacker-controlled PHP files in a web-accessible directory, executed as the www-data user.

Status: Published | Reserved 2025-08-28 | Published 2025-08-28 | Updated 2025-08-29 | Assigner: VulnCheck




HIGH: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status: unaffected

* before 2024R1.3.2: affected

Credits

M. Cory Billington of theyhack.me (finder)

References

theyhack.me/Nagios-XI-Authenticated-RCE (technical description, exploit)

www.nagios.com/changelog/ (vendor advisory, patch)

www.nagios.com/products/security/ (vendor advisory, patch)

cve.org (CVE-2024-13986)

nvd.nist.gov (CVE-2024-13986)
