Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration settings to obtain elevated privileges on the Nagios XI system.
State: PUBLISHED · CVE record format: 5.2 · CWE-269
Nagios XI < 2024R1.2 Privilege Escalation via NagVis Configuration (nagvis.conf)
Problem type
Affected products
Nagios
XI
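< 2024R1.2 - UNKNOWN (the record's version entry has status "unknown" rather than "affected", although the description says versions prior to 2024R1.2 contain the vulnerability; confirm against the vendor advisory when scoping exposure)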
References
nagios.com
https://www.nagios.com/products/security/#nagios-xi
nagios.com
https://www.nagios.com/changelog/nagios-xi/
vulncheck.com
https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-nagvis-configuration
JSON source
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2024-14004",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2025-10-31T13:24:45.744Z",
"dateReserved": "2025-10-22T18:42:07.873Z",
"datePublished": "2025-10-30T21:40:51.523Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2025-10-30T21:40:51.523Z"
},
"title": "Nagios XI < 2024R1.2 Privilege Escalation via NagVis Configuration (nagvis.conf)",
"descriptions": [
{
"lang": "en",
"value": "Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration settings to obtain elevated privileges on the Nagios XI system.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration settings to obtain elevated privileges on the Nagios XI system.<br>"
}
]
}
],
"affected": [
{
"vendor": "Nagios",
"product": "XI",
"modules": [
"NagVis configuration (nagvis.conf)"
],
"defaultStatus": "unaffected",
"versions": [
{
"version": "0",
"status": "unknown",
"versionType": "custom",
"lessThan": "2024R1.2"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.nagios.com/products/security/#nagios-xi",
"tags": [
"vendor-advisory",
"patch"
]
},
{
"url": "https://www.nagios.com/changelog/nagios-xi/",
"tags": [
"release-notes",
"patch"
]
},
{
"url": "https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-nagvis-configuration",
"tags": [
"third-party-advisory"
]
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"solutions": [
{
"lang": "en",
"value": "Nagios addresses this vulnerability as \"Nagios XI was vulnerable to privilege escalation via nagvis.conf\" and \"Fixed privilege escalation via nagvis.conf .\"",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Nagios addresses this vulnerability as \"</span><span style=\"background-color: rgb(255, 255, 255);\">Nagios XI was vulnerable to privilege escalation via nagvis.conf\" and \"<span style=\"background-color: rgb(244, 247, 251);\">Fixed privilege escalation via nagvis.conf .\"</span></span><br>"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Exodus Intelligence",
"type": "finder"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-10-31T13:24:45.744Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}