Nagios XI
cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*
- < 2024R1.1.2
A vulnerability exists in Nagios XI versions prior to 2024R1.1.2, where the 'Allow Insecure Logins' option can be enabled without proper authorization controls. This flaw allows users to create valid login credentials for other users.
Exploitation of this vulnerability could result in unauthorized account creation, privilege escalation, or full compromise of the Nagios XI web interface, depending on the target account.
Users can upgrade to Nagios XI version 2024R1.1.2 or later to address this vulnerability.