ByteOS Network

CVE Vulnerability Details :

CVE-2024-14002

PUBLISHED

More Info Official Page

Assigner-VulnCheck

Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At-30 Oct, 2025 | 21:30

Updated At-17 Nov, 2025 | 18:21

▼CVE Numbering Authority (CNA)

Nagios XI < 2024R1.1.4 Authenticated Local File Inclusion via NagVis

Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion (LFI) vulnerability via its NagVis integration. An authenticated user can supply crafted path values that cause the server to include local files, potentially exposing sensitive information from the underlying host.

Affected Products

Vendor

Nagios Enterprises, LLC

Product

Modules

NagVis integration

Default Status

unaffected

Versions

unknown

From 0 before 2024R1.1.4 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-98	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Type: CWE

CWE ID: CWE-98

Description: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Metrics

Version	Base score	Base severity	Vector
4.0	7.1	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Version: 4.0

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Solutions

Nagios addresses this vulnerability as "Nagios XI is vulnerable to an authenticated Local File Inclusion attack via Nagvis." and as part of "Fixed both XSS in Executive Summary report and ajaxhelper endpoint that was too open."

Credits

finder

Márk Rákóczi

References

Hyperlink	Resource
https://www.nagios.com/products/security/#nagios-xi	vendor-advisory patch
https://www.nagios.com/changelog/nagios-xi/	release-notes patch
https://www.vulncheck.com/advisories/nagios-xi-authenticated-local-file-inclusion-via-nagvis	third-party-advisory

Hyperlink: https://www.nagios.com/products/security/#nagios-xi

Resource:

vendor-advisory

patch

Hyperlink: https://www.nagios.com/changelog/nagios-xi/

Resource:

release-notes

patch

Hyperlink: https://www.vulncheck.com/advisories/nagios-xi-authenticated-local-file-inclusion-via-nagvis

Resource:

third-party-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

unknown

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References