Nagios XI
cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*
- < 2024R2
A privilege escalation vulnerability has been identified in Nagios XI versions prior to 2024R2. The process_perfdata.pl script is executed periodically as the nagios user, but the file itself is owned by www-data, the account the web server runs as. Because the owning account can write to the file, anyone who can already run commands as www-data can replace or append to the script's contents; on its next scheduled run the modified script executes as the nagios user. The root cause is the ownership and permission configuration of the script, not any flaw in the script's logic.
Successful exploitation yields local privilege escalation from the web server account (www-data) to the nagios user, with arbitrary code execution as nagios.
The vulnerability can be reproduced from the www-data account: because that account owns process_perfdata.pl, it can write arbitrary Perl code into the script, and that code runs with nagios privileges the next time the scheduler executes it. Nothing beyond the ability to execute commands as www-data is required.
Users should upgrade to Nagios XI version 2024R2 or later, where this vulnerability has been addressed. Until then, verify that process_perfdata.pl is neither owned by nor writable by www-data, and treat any script that the nagios user executes on a schedule but that another account can modify as the same class of problem.
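The following audit helper is an added example, not code from Nagios XI or from this advisory. It checks the condition the advisory describes in a general form: a script that the nagios user will execute but that a different account owns, or that carries a group/other write bit, can be edited before its next scheduled run. The script path and the expected owner are assumptions for a default source install; override them for your environment.

```shell
#!/bin/sh
# Added audit helper, not part of Nagios XI or this advisory. It flags a script
# that the nagios user will execute but that another account owns or can write
# to, which is the condition the advisory describes. The path and the expected
# owner below are assumptions for a default install; adjust them as needed.

# check_script_owner PATH EXPECTED_OWNER
# Exit status: 0 if PATH is owned by EXPECTED_OWNER and has no group/other
# write bit, 1 if either check fails (reasons are printed), 2 if PATH is missing.
check_script_owner() {
    path=$1
    expected=$2
    if [ ! -e "$path" ]; then
        echo "MISSING: $path"
        return 2
    fi
    # ls -ld is POSIX: field 1 is the mode string, field 3 the owning user.
    set -- $(ls -ld "$path")
    perms=$1
    owner=$3
    status=0
    if [ "$owner" != "$expected" ]; then
        echo "BAD OWNER: $path is owned by $owner, expected $expected"
        status=1
    fi
    # In the mode string, character 6 is the group write bit and character 9
    # the other write bit (e.g. -rwxr-xr-x). Either one lets a non-owner edit
    # the script before its next scheduled run.
    gw=$(printf '%s' "$perms" | cut -c6)
    ow=$(printf '%s' "$perms" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "WRITABLE: $path has mode $perms (group/other write bit set)"
        status=1
    fi
    return $status
}

# audit_nagios_perfdata: check the script named in the advisory. The default
# path is an assumption for a source install under /usr/local/nagios; the
# expected owner is the account that executes the script, i.e. nagios.
audit_nagios_perfdata() {
    check_script_owner \
        "${NAGIOS_PERFDATA_SCRIPT:-/usr/local/nagios/libexec/process_perfdata.pl}" \
        nagios
}

# Run the audit only when explicitly requested, e.g.
#   NAGIOS_AUDIT=1 sh audit.sh
if [ "${NAGIOS_AUDIT:-0}" = "1" ]; then
    audit_nagios_perfdata
fi
```

The check needs no root privileges, since `ls -ld` reads only the inode metadata. It deliberately flags more than the exact case in the advisory: a script owned by root but group-writable by www-data would be reported too, because the effect, www-data editing code that later runs as nagios, is the same.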