CVE-2024-13998

6.5 MEDIUM

📋 TL;DR

Nagios XI versions before 2024R1.1.3 allow authenticated users to access sensitive user account information including API keys and password hashes, which they should not have permission to view. This could lead to account compromise, API abuse, or password cracking. Organizations running vulnerable Nagios XI versions are affected.

💻 Affected Systems

Products:
  • Nagios XI
Versions: All versions prior to 2024R1.1.3
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access; possibly related to CVE-2024-13995 (incomplete fixes in earlier versions).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access, compromise all monitored systems, exfiltrate sensitive data, and maintain persistent access through API key abuse.

🟠 Likely Case

Privilege escalation leading to unauthorized access to monitoring data, configuration changes, and potential lateral movement within the network.

🟢 If Mitigated

Limited exposure of some user data with no further exploitation due to network segmentation and strong authentication controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access but exploitation is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024R1.1.3

Vendor Advisory: https://www.nagios.com/changelog/nagios-xi/

Restart Required: Yes

Instructions:

1. Backup current Nagios XI configuration and data.
2. Download 2024R1.1.3 from the Nagios customer portal.
3. Follow the Nagios XI upgrade documentation.
4. Restart Nagios XI services.
5. Verify the upgrade completed successfully.

🔧 Temporary Workarounds

Restrict User Permissions (all)

Limit authenticated user access to the minimum required permissions

Network Segmentation (all)

Isolate Nagios XI from sensitive systems and limit access to trusted IPs

🧯 If You Can't Patch

  • Implement strict network access controls to limit Nagios XI access to trusted IP addresses only
  • Rotate all API keys and user passwords immediately and monitor for unauthorized access

🔍 How to Verify

Check if Vulnerable:

Check Nagios XI version via Admin > System Config > About or run: grep 'nagiosxi_version' /usr/local/nagiosxi/var/xiversion

Check Version:

grep 'nagiosxi_version' /usr/local/nagiosxi/var/xiversion

Verify Fix Applied:

Confirm the version is 2024R1.1.3 or later using the same methods
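As an added example (not part of this advisory or of Nagios XI itself), a POSIX shell check that reads the version string out of the xiversion file named above and decides whether it predates the fixed release; the "key=value" layout of the constructed sample file is an assumption, and the comparison also handles the older "5.x.y" numbering.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether a Nagios XI version
# string is older than the fixed release 2024R1.1.3. Version strings are
# normalised to dot-separated integers before comparison, so the newer
# "2024R1.x.y" scheme and the older "5.x.y" scheme compare correctly:
#   "2024R1.1.3" -> "2024.1.1.3",  "5.11.3" -> "5.11.3"
FIXED_VERSION="2024R1.1.3"

normalize_version() {
    # drop a leading 'v', treat 'R' as a separator, keep only digits and dots
    printf '%s' "$1" | sed -e 's/^v//' -e 's/R/./g' -e 's/[^0-9.]//g'
}

# version_lt A B : return 0 when A is strictly older than B
version_lt() {
    a=$(normalize_version "$1"); b=$(normalize_version "$2")
    i=1
    while :; do
        x=$(printf '%s\n' "$a" | awk -F. -v n="$i" '{print $n}')
        y=$(printf '%s\n' "$b" | awk -F. -v n="$i" '{print $n}')
        [ -z "$x" ] && [ -z "$y" ] && return 1   # all components equal
        x=${x:-0}; y=${y:-0}                      # missing component = 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
}

# vulnerable_from_file FILE : pull the version out of an xiversion-style file
# using the advisory's grep pattern ("key=value" / "key: value" layout is an
# assumption) and return 0 when it is below the fixed release.
vulnerable_from_file() {
    v=$(grep 'nagiosxi_version' "$1" | head -n 1 \
        | sed -e 's/^[^=:]*[=:][[:space:]]*//' -e "s/[\"']//g")
    if [ -z "$v" ]; then
        echo "no nagiosxi_version entry in $1" >&2
        return 2
    fi
    version_lt "$v" "$FIXED_VERSION"
}

# Demo on a constructed sample file (not output from a real install)
demo_file=$(mktemp)
printf 'nagiosxi_version=2024R1.1.2\n' > "$demo_file"
if vulnerable_from_file "$demo_file"; then
    echo "$(grep nagiosxi_version "$demo_file"): vulnerable, upgrade to $FIXED_VERSION"
else
    echo "not affected"
fi
rm -f "$demo_file"
```

Run it against the real file with `vulnerable_from_file /usr/local/nagiosxi/var/xiversion`; a non-zero exit means the version is at or above the fix, exit 2 means no version entry was found.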

📡 Detection & Monitoring

Log Indicators:

  • Unusual API key usage patterns
  • Multiple failed login attempts followed by successful access
  • Access to user management endpoints from non-admin accounts

Network Indicators:

  • Unusual outbound connections from Nagios XI server
  • API requests from unexpected IP addresses

SIEM Query:

source="nagios" AND (event="api_key_access" OR event="user_info_access") AND user!="admin"

🔗 References
