CVE-2024-43199

7.8 HIGH

📋 TL;DR

This CVE describes a local privilege escalation vulnerability in Nagios NDOUtils where certain executable files are owned by the nagios user instead of root. An attacker with access to the nagios user account can exploit this to gain root privileges on the system. This affects Nagios installations using NDOUtils versions before 2.1.4.

💻 Affected Systems

Products:
  • Nagios NDOUtils
Versions: All versions before 2.1.4
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where NDOUtils is installed and the nagios user exists. The vulnerability is in file ownership permissions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with root access, allowing an attacker to install persistent backdoors, access all data, and pivot to other systems.

🟠 Likely Case: Privilege escalation from the nagios user to root, enabling complete control over the Nagios monitoring system and potentially other services on the host.

🟢 If Mitigated: Limited to nagios user privileges only, preventing system-wide compromise.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring existing access to the nagios user account.
🏢 Internal Only: HIGH - If an attacker gains access to the nagios user through other means (compromised credentials, other vulnerabilities), they can escalate to root.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires existing access to the nagios user account. The vulnerability is straightforward to exploit once nagios user access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.4

Vendor Advisory: https://github.com/NagiosEnterprises/ndoutils/commit/18ef12037f4a68772d6840cbaa08aa2da07d2891

Restart Required: Yes

Instructions:

1. Back up current configuration.
2. Download NDOUtils 2.1.4 from Nagios repository.
3. Stop Nagios service.
4. Install/upgrade to version 2.1.4.
5. Verify file ownership is corrected.
6. Restart Nagios service.

🔧 Temporary Workarounds

Manual file permission correction (Linux)

Manually change ownership of the vulnerable executable files from the nagios user to root:

sudo chown root:root /usr/local/nagios/bin/ndo*
sudo chmod 755 /usr/local/nagios/bin/ndo*

🧯 If You Can't Patch

  • Restrict access to the nagios user account and monitor for unauthorized access attempts
  • Implement strict file integrity monitoring on NDOUtils executable files

🔍 How to Verify

Check if Vulnerable:

Check whether any NDOUtils executable files are owned by the nagios user (any output means the file is affected): find /usr/local/nagios/bin -name 'ndo*' -user nagios -exec ls -la {} +

Check Version:

ndo2db -V | grep version

Verify Fix Applied:

Verify files are owned by root (no output means every file is owned by root): find /usr/local/nagios/bin -name 'ndo*' ! -user root -exec ls -la {} +
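
The ownership check above as a reusable audit, added here as an example (it is not from the Nagios project or the original advisory). It compares numeric UIDs and goes beyond the page's check by also flagging group/world-writable modes and the containing directory; the function name `audit_ndo_bins` is hypothetical, and the path to pass is the one used on this page.

```shell
#!/bin/sh
# Added example: audit NDOUtils executables for unsafe ownership or modes.
# audit_ndo_bins is a hypothetical helper name; the directory to audit is
# the one used on this page (/usr/local/nagios/bin).

# audit_ndo_bins DIR [EXPECTED_UID]
#   Prints one line per finding; returns the number of findings
#   (0 = clean, 255 = DIR missing). EXPECTED_UID defaults to 0 (root).
audit_ndo_bins() {
    dir=$1
    want_uid=${2:-0}
    findings=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 255; }

    # The directory is audited too (beyond the page's check): whoever can
    # write to it can replace a root-owned file inside it.
    for f in "$dir" "$dir"/ndo*; do
        [ -e "$f" ] || continue        # unmatched glob or dangling symlink

        # -n prints numeric IDs, so the word "nagios" in the path can never
        # be mistaken for the owner; -L audits a symlink's target.
        info=$(ls -ldnL "$f" | awk '{print $1, $3}')
        mode=${info% *}
        uid=${info#* }

        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER    uid=$uid (expected $want_uid)  $f"
            findings=$((findings + 1))
        fi
        # Mode string: char 6 is group-write, char 9 is other-write.
        case $mode in
            ?????w*|????????w*)
                echo "WRITABLE mode=$mode  $f"
                findings=$((findings + 1)) ;;
        esac
    done

    [ "$findings" -gt 254 ] && findings=254   # keep the exit status in range
    return "$findings"
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_ndo_bins "$@"
fi
```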

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation attempts
  • Changes to file ownership in /usr/local/nagios/bin/
  • Unusual activity by nagios user

Network Indicators:

  • None - this is a local privilege escalation

SIEM Query:

source="system_logs" AND (event="chown" OR event="setuid") AND user="nagios" AND target_file="*/ndo*"
