CVE-2024-58273 | THREATINT

Description

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user (or the backend shell user) to escalate to root on the host.

PUBLISHED Reserved 2025-10-20 | Published 2025-10-30 | Updated 2025-10-31 | Assigner VulnCheck

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-266 Incorrect Privilege Assignment

Product status

Default status

unaffected

Any version before 2024R1.0.2

affected

Credits

Sarang Tumne finder

References

www.nagios.com/products/security/ vendor-advisory patch

www.nagios.com/changelog/ release-notes patch

www.vulncheck.com/...-from-apache-backend-shell-user-to-root third-party-advisory

cve.org (CVE-2024-58273)

nvd.nist.gov (CVE-2024-58273)

Download JSON