Advisory September 5, 2024

Nagios XI Critical Vulnerability with CVE-2024-24401

The Obrela Threat Intelligence Team

A vulnerability, tracked as CVE-2024-24401, has been identified in Nagios XI. It is an SQL injection flaw that can be chained into Remote Code Execution (RCE) on the monitoring server, and it carries a Critical CVSSv3.1 base score of 9.8 out of 10.

 

Description:

CVE-2024-24401 stems from improper handling of SQL commands in Nagios XI version 2024R1.0.1. Any authenticated user, regardless of privilege level, can exploit the injection to obtain administrator-level access to the application and, from there, execute arbitrary code on the underlying host.

 

While this is neither a new nor an unpatched issue, a recent update to a public proof-of-concept exploit that makes it straightforward to obtain a reverse shell has renewed interest in the vulnerability. Unpatched Nagios XI instances that are reachable from the internet should be considered at high risk.

 

Affected Versions:

Nagios XI version 2024R1.0.1 and earlier are potentially vulnerable.

 

Recommendations:

  • Ensure Nagios XI servers are updated to version 2024R1.0.2 or later.
  • Enable automatic updates so that future fixes are applied without manual intervention.
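The following script is an added example written for this advisory (it is not Nagios's tooling and not the public proof-of-concept). It turns the affected-version statement and the update recommendation above into a check: parse a Nagios XI version string and report whether it is below the fixed release 2024R1.0.2. It assumes that year-based versions (2024R1.0.1) sort as year, release number, minor, patch, that legacy 5.x.y versions predate all year-based ones, and that the on-server file /usr/local/nagiosxi/var/xiversion contains a `full=` line; the sample file contents are constructed, not captured from a real host.

```python
"""Version check for CVE-2024-24401 (added example, not Nagios code)."""
import re
import sys
from typing import Tuple

# Release the advisory names as containing the fix.
FIXED_VERSION = "2024R1.0.2"

_YEAR_STYLE = re.compile(r"^(\d{4})R(\d+)\.(\d+)\.(\d+)$")   # e.g. 2024R1.0.1
_LEGACY_STYLE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")          # e.g. 5.11.3


def parse_version(ver: str) -> Tuple[int, ...]:
    """Turn a Nagios XI version string into a tuple that compares correctly.

    Year-based strings become (year, release, minor, patch). Legacy 5.x.y
    strings are prefixed with a 0 "year" so they sort before every
    year-based release (assumption: the two schemes were never used in
    parallel, so this ordering is safe).
    """
    ver = ver.strip()
    m = _YEAR_STYLE.match(ver)
    if m:
        return tuple(int(x) for x in m.groups())
    m = _LEGACY_STYLE.match(ver)
    if m:
        return (0,) + tuple(int(x) for x in m.groups())
    raise ValueError(f"unrecognised Nagios XI version string: {ver!r}")


def is_vulnerable(ver: str) -> bool:
    """True when the version is older than the fixed release."""
    return parse_version(ver) < parse_version(FIXED_VERSION)


def version_from_xiversion(text: str) -> str:
    """Extract the 'full=' value from xiversion-style key=value text.

    Assumption: the file uses one key=value pair per line with a 'full' key.
    """
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "full":
            return value.strip()
    raise ValueError("no 'full=' entry found in xiversion data")


def assess(ver: str) -> str:
    """Human-readable verdict for a single version string."""
    if is_vulnerable(ver):
        return f"{ver}: VULNERABLE (older than {FIXED_VERSION}); update required"
    return f"{ver}: not affected (>= {FIXED_VERSION})"


# Constructed sample of /usr/local/nagiosxi/var/xiversion for an unpatched host.
SAMPLE_XIVERSION = """full=2024R1.0.1
major=2024
minor=1
patch=0
build=1
"""

if __name__ == "__main__":
    # Usage: python check_xi.py [path-to-xiversion]; without a path the
    # constructed sample above is assessed.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = fh.read()
    else:
        data = SAMPLE_XIVERSION
    print(assess(version_from_xiversion(data)))
```

Run it on each Nagios XI host (or feed it the version shown in the web UI footer); any verdict of VULNERABLE means the server still needs the 2024R1.0.2 update.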

 

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24401

https://github.com/MAWK0235/CVE-2024-24401

https://nvd.nist.gov/vuln/detail/CVE-2024-24401

https://www.nagios.com/changelog/
