CVE-2024-58273

7.8 HIGH

📋 TL;DR

Nagios Log Server versions before 2024R1.0.2 contain a local privilege escalation vulnerability. An attacker who can execute commands as the Apache web user or backend shell user can escalate privileges to root on the host. This affects all Nagios Log Server installations running vulnerable versions.

💻 Affected Systems

Products:
  • Nagios Log Server
Versions: All versions prior to 2024R1.0.2
Operating Systems: Linux (all supported distributions)
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. Requires attacker to have command execution as Apache user (www-data, apache, etc.) or backend shell user.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with root access, allowing installation of persistent backdoors, data exfiltration, and lateral movement to other systems.

🟠 Likely Case: Attackers with initial access to the web server or backend shell can gain complete control of the Nagios Log Server host.

🟢 If Mitigated: With proper access controls and network segmentation, impact is limited to the Nagios Log Server host only.

🌐 Internet-Facing: MEDIUM - Requires initial access as Apache or backend user, but internet-facing Nagios Log Server increases attack surface.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts can escalate to root once they gain Apache/backend shell access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires initial access as Apache or backend shell user. Once this access is obtained, privilege escalation to root is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024R1.0.2

Vendor Advisory: https://www.nagios.com/changelog/#log-server-2024R1

Restart Required: Yes

Instructions:

1. Back up your Nagios Log Server configuration and data.
2. Download Nagios Log Server 2024R1.0.2 from the Nagios website.
3. Follow the official upgrade instructions provided by Nagios.
4. Restart the Nagios Log Server services after upgrade.

🔧 Temporary Workarounds

Restrict Apache User Privileges

linux

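Limit the Apache user's ability to execute commands and access sensitive files. The commands below remove access for other users on the installation directory and grant the Apache account read and execute access through an ACL. Replace www-data with the account Apache runs as on your distribution (for example, apache).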

chmod 750 /usr/local/nagioslogserver
setfacl -m u:www-data:r-x /usr/local/nagioslogserver

Implement Mandatory Access Control

linux

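Use SELinux or AppArmor to restrict Apache and backend processes. The commands below apply to SELinux hosts: they label the installation directory as httpd_sys_content_t and relabel the existing files.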

semanage fcontext -a -t httpd_sys_content_t '/usr/local/nagioslogserver(/.*)?'
restorecon -Rv /usr/local/nagioslogserver

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Nagios Log Server from critical systems
  • Enforce least privilege access controls and monitor for suspicious activity from Apache/backend users

🔍 How to Verify

Check if Vulnerable:

Check Nagios Log Server version via web interface or command line. Versions below 2024R1.0.2 are vulnerable.

Check Version:

cat /usr/local/nagioslogserver/var/version.txt

Verify Fix Applied:

Confirm version is 2024R1.0.2 or higher and test that Apache user cannot escalate to root.
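
A version comparison for the check above, as an added example (not Nagios's own tooling). It assumes the version file holds a string of the form 2024R1.0.2 and treats legacy dotted versions as older; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Nagios code. Assumption: versions look like "2024R1.0.2"
# (year, "R", release, optional ".minor.patch"); legacy dotted versions such
# as "2.1.15" predate that scheme and are treated as older.
FIXED_VERSION="2024R1.0.2"   # first fixed release, from the advisory
VERSION_FILE="/usr/local/nagioslogserver/var/version.txt"

# Print "year release minor patch" for a version string; fail if unparseable.
nls_version_key() {
    printf '%s\n' "$1" | awk '
        match($0, /[0-9][0-9][0-9][0-9]R[0-9]+(\.[0-9]+)*/) {
            split(substr($0, RSTART, RLENGTH), yr, "R")   # yr[2] is e.g. "1.0.2"
            n = split(yr[2], p, ".")
            printf "%d %d %d %d\n", yr[1], p[1], (n > 1 ? p[2] : 0), (n > 2 ? p[3] : 0)
            found = 1; exit
        }
        match($0, /[0-9]+\.[0-9]+(\.[0-9]+)*/) {
            print "0 0 0 0"; found = 1; exit   # legacy scheme sorts below any year
        }
        END { exit (found ? 0 : 1) }'
}

# Return 0 if older than the fix (vulnerable), 1 if fixed, 2 if unparseable.
nls_is_vulnerable() {
    have=$(nls_version_key "$1") || return 2
    want=$(nls_version_key "$FIXED_VERSION")
    printf '%s\n%s\n' "$have" "$want" | awk '
        NR == 1 { for (i = 1; i <= 4; i++) a[i] = $i }
        NR == 2 { for (i = 1; i <= 4; i++) {
                      if (a[i] + 0 < $i + 0) exit 0    # older than the fix
                      if (a[i] + 0 > $i + 0) exit 1 }  # newer than the fix
                  exit 1 }                             # same as the fix
        '
}

# Report on this host when the version file named in the advisory is readable.
if [ -r "$VERSION_FILE" ]; then
    rc=0
    nls_is_vulnerable "$(cat "$VERSION_FILE")" || rc=$?
    case $rc in
        0) echo "VULNERABLE: upgrade to $FIXED_VERSION or later" ;;
        1) echo "OK: at or above $FIXED_VERSION" ;;
        *) echo "UNKNOWN: could not parse $VERSION_FILE" ;;
    esac
fi
```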

📡 Detection & Monitoring

Log Indicators:

  • Unusual commands executed by Apache user (www-data, apache)
  • Privilege escalation attempts in system logs
  • Sudo/su attempts from Apache or backend users

Network Indicators:

  • Unexpected outbound connections from Nagios Log Server host
  • SSH or other remote access from Nagios host to other systems

SIEM Query:

source="*nagios*" AND (user="www-data" OR user="apache" OR user="nagios") AND (event="sudo" OR event="su" OR event="privilege")
