{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2024" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.0\\.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.0\\.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.1\\.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "2024-r1\\.1\\.2" } ] } ] } } ], "details": "Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actions outside the intended security scope of the application, resulting in full control of the operating system.", "id": "CVE-2024-13997", "modified": "2026-03-15T21:45:16.059760665Z", "published": "2025-11-03T22:16:39.910Z", "references": [ { "type": "ADVISORY", "url": "https://www.nagios.com/changelog/nagios-xi/" }, { "type": "ADVISORY", "url": "https://www.nagios.com/products/security/#nagios-xi" }, { "type": "ADVISORY", "url": "https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-migrate-server-feature-to-root-on-host" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }