Unrated severityNVD Advisory· Published Oct 30, 2025· Updated Nov 17, 2025
Nagios XI < 2024R1.1.2 Allow Insecure Logins Missing Authorization
CVE-2024-13994
Description
Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation, privilege escalation, or full compromise of the Nagios XI web interface depending on the target account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Nagios/XIv5Range: 0
Patches
Vulnerability mechanics
References
3- www.nagios.com/changelog/nagios-xi/mitrerelease-notespatch
- www.nagios.com/products/security/mitrevendor-advisorypatch
- www.vulncheck.com/advisories/nagios-xi-allow-insecure-logins-missing-authorizationmitrethird-party-advisory
News mentions
0No linked articles in our index yet.