N
agios XI versions prior to 2024R1.1.4 contain a local file inclusion (LFI) vulnerability via its NagVis integration. An authenticated user can supply crafted path values that cause the server to include local files, potentially exposing sensitive information from the underlying host.
References
| Link | Resource |
|---|---|
| https://www.nagios.com/changelog/nagios-xi/ | Release Notes |
| https://www.nagios.com/products/security/#nagios-xi | Vendor Advisory |
| https://www.vulncheck.com/advisories/nagios-xi-authenticated-local-file-inclusion-via-nagvis | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
06 Nov 2025, 16:09
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Nagios
Nagios nagios Xi |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| CPE | cpe:2.3:a:nagios:nagios_xi:2024:r1.0.2:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:2024:r1:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:2024:r1.0.1:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:2024:r1.1.1:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:2024:r1.1:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:2024:r1.1.2:*:*:*:*:*:* cpe:2.3:a:nagios:nagios_xi:2024:r1.1.3:*:*:*:*:*:* |
|
| References | () https://www.nagios.com/changelog/nagios-xi/ - Release Notes | |
| References | () https://www.nagios.com/products/security/#nagios-xi - Vendor Advisory | |
| References | () https://www.vulncheck.com/advisories/nagios-xi-authenticated-local-file-inclusion-via-nagvis - Third Party Advisory |
30 Oct 2025, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-30 22:15
Updated : 2025-11-06 16:23
NVD link : CVE-2024-14002
Mitre link : CVE-2024-14002
CVE.ORG link : CVE-2024-14002
JSON object : View
CWE
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')