Nagios XI 2024 R1.4.2
Approved changes feed: RSS · Atom
cpe:2.3:a:nagios:nagios_xi:2024:r1.4.2:*:*:*:*:*:*
part: a version: 2024 update: r1.4.2
| Vendor | Nagios (7fb1328e-019e-51f8-8fa9-c12efadd1bbe) |
|---|---|
| Product | Nagios Xi (7baa8382-9566-5d4f-a39b-a6738305acfe) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-34287 |
vulnerable | 2026-06-03 15:00:44.388866 |
Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl
Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary code execution as the nagios user when the script is next run. This improper ownership and permission configuration enables local privilege escalation.
Published: 2025-10-30T21:39:43.482Z
Updated: 2025-11-17T18:21:51.502Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34284 |
vulnerable | 2026-06-03 15:00:44.385369 |
Nagios XI < 2024R2 Authenticated Command Injection via WinRM Plugin
Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitation enables arbitrary command execution with the privileges of the Nagios XI web application user and can be leveraged to modify configuration, exfiltrate data, disrupt monitoring operations, or execute commands on the underlying host operating system.
Published: 2025-10-30T21:30:19.179Z
Updated: 2025-11-17T18:21:51.157Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.