Missing Access Control in Nagios XI Web SSH Terminal
CVE-2023-7317

9.4CRITICAL

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
30 October 2025

What is CVE-2023-7317?

Nagios XI before version 2024R1 is impacted by a missing access control vulnerability within the Web SSH Terminal. This flaw enables remote, low-privileged attackers to gain unauthorized access and interact with the terminal interface. As a result, this could lead to unauthorized command execution or the potential disclosure of sensitive information. Users are strongly encouraged to apply the necessary security patches to mitigate this risk.

Affected Version(s)

XI 0 < 2024R1

References

https://www.nagios.com/products/security/#nagios-xi
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-web-ssh-te...
third-party-advisory

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pankaj Kumar Thrakur
JSON
.
CVE-2023-7317 : Missing Access Control in Nagios XI Web SSH Terminal