{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-13986","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-08-28T15:35:33.691Z","datePublished":"2025-08-28T15:49:46.119Z","dateUpdated":"2026-05-15T11:14:34.659Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["MIB Upload (/admin/mibs.php)","Snapshot Rename (/admin/coreconfigsnapshots.php)"],"product":"Nagios XI","vendor":"Nagios","versions":[{"lessThan":"2024R1.3.2","status":"affected","version":"0","versionType":"custom"}]}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nagios:nagios_xi:2024:*:*:*:*:*:*:*","versionEndExcluding":"r1.3.2"}]}]}],"credits":[{"lang":"en","type":"finder","value":"M. Cory Billington of theyhack.me"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Nagios XI &lt; 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename operations. Exploitation results in the placement of attacker-controlled PHP files in a web-accessible directory, executed as the www-data user."}],"value":"Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename operations. Exploitation results in the placement of attacker-controlled PHP files in a web-accessible directory, executed as the www-data user."}],"impacts":[{"capecId":"CAPEC-137","descriptions":[{"lang":"en","value":"CAPEC-137 Parameter Injection"}]},{"capecId":"CAPEC-126","descriptions":[{"lang":"en","value":"CAPEC-126 Path Traversal"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-434","description":"CWE-434 Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-05-15T11:14:34.659Z"},"references":[{"tags":["technical-description","exploit"],"url":"https://theyhack.me/Nagios-XI-Authenticated-RCE"},{"tags":["vendor-advisory","patch"],"url":"https://www.nagios.com/changelog/nagios-xi/"},{"tags":["vendor-advisory","patch"],"url":"https://www.nagios.com/products/security/#nagios-xi"},{"tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/nagios-xi-authenticated-arbitrary-file-upload-path-traversal-rce"}],"source":{"discovery":"UNKNOWN"},"title":"Nagios XI < 2024R1.3.2 Authenticated Arbitrary File Upload Path Traversal RCE","x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-13986","role":"CISA Coordinator","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-08-29T03:55:26.479920Z"}}}],"references":[{"url":"https://theyhack.me/Nagios-XI-Authenticated-RCE/","tags":["exploit"]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:47:52.808Z"}}]}}