A vulnerability has been identified in Nagios XI. The vulnerability could allow for Remote Code Execution (RCE) through SQL Injection. The vulnerability (CVE-2024-24401) has a Critical CVSSv3.1 score of 9.8 out of 10.
Description:
CVE-2024-24401 involves exploitation of improper SQL command handling in Nagios XI version 2024R1.0.1 that can allow any user regardless of privilege level to authenticate as admin with full privileges and remote code execution capabilities.
While not a new or unpatched issue, a recent update to a proof-of-concept exploit that allows for easy generation of a reverse shell has sparked renewed interest around the vulnerability and unpatched publicly accessible Nagios XI instances are considered at high risk.
Affected Versions:
Nagios XI version 2024R1.0.1 and earlier are potentially vulnerable.
Recommendations:
- Ensure Nagios XI servers are updated to at least version 2024R1.0.2 and later.
- Ensure automatic updates are enabled for future instances.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-24401
https://github.com/MAWK0235/CVE-2024-24401
https://nvd.nist.gov/vuln/detail/CVE-2024-24401
https://www.nagios.com/changelog/