{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-14004","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-10-22T18:42:07.873Z","datePublished":"2025-10-30T21:40:51.523Z","dateUpdated":"2025-11-17T18:21:49.174Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["NagVis configuration (nagvis.conf)"],"product":"XI","vendor":"Nagios","versions":[{"lessThan":"2024R1.2","status":"unknown","version":"0","versionType":"custom"}]}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nagios:nagios_xi:2024:*:*:*:*:*:*:*","versionEndExcluding":"r1.2"}]}]}],"credits":[{"lang":"en","type":"finder","value":"Exodus Intelligence"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Nagios XI versions prior to 2024R1.2 contain&nbsp;a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration settings to obtain elevated privileges on the Nagios XI system.<br>"}],"value":"Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration settings to obtain elevated privileges on the Nagios XI system."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"CWE-269 Improper Privilege Management","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2025-11-17T18:21:49.174Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.nagios.com/products/security/#nagios-xi"},{"tags":["release-notes","patch"],"url":"https://www.nagios.com/changelog/nagios-xi/"},{"tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-nagvis-configuration"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">Nagios addresses this vulnerability as \"</span><span style=\"background-color: rgb(255, 255, 255);\">Nagios XI was vulnerable to privilege escalation via nagvis.conf\" and \"<span style=\"background-color: rgb(244, 247, 251);\">Fixed privilege escalation via nagvis.conf .\"</span></span><br>"}],"value":"Nagios addresses this vulnerability as \"Nagios XI was vulnerable to privilege escalation via nagvis.conf\" and \"Fixed privilege escalation via nagvis.conf .\""}],"source":{"discovery":"UNKNOWN"},"title":"Nagios XI < 2024R1.2 Privilege Escalation via NagVis Configuration (nagvis.conf)","x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-31T13:05:57.004075Z","id":"CVE-2024-14004","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-31T13:24:45.744Z"}}]}}