Remote Command Execution Vulnerability in Nagios XI by Nagios
CVE-2024-14008

9.4CRITICAL

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
30 October 2025

What is CVE-2024-14008?

Nagios XI versions prior to 2024R1.3.2 are susceptible to a remote command execution vulnerability through the WinRM Configuration Wizard. The issue arises from inadequate validation of user-supplied input, allowing an authenticated administrator to inject shell metacharacters into backend command invocations. If exploited, this vulnerability permits arbitrary command execution with the privileges of the Nagios XI web application user, potentially compromising the integrity and security of the system.

Affected Version(s)

XI 0

References

https://www.nagios.com/products/security/#nagios-xi
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-rce-via-wi...
third-party-advisory

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Leo Trinh
JSON
.
CVE-2024-14008 : Remote Command Execution Vulnerability in Nagios XI by Nagios