CVE-2023-7317
HIGHNagios XI < 2024R1 - Missing Authorization in Web SSH Terminal
Title source: llmDescription
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of sensitive information.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
patch
https://www.nagios.com/products/security/#nagios-xi
Release Notes release-notes
patch
https://www.nagios.com/changelog/nagios-xi/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/nagios-xi-web-ssh-terminal-missing-access-control
Scores
CVSS v3
8.8
EPSS
0.0029
EPSS Percentile
52.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-862
Status
published
Products (2)
nagios/nagios_xi
< 2024
Nagios/XI
< 2024R1
Published
Oct 30, 2025
Tracked Since
Feb 18, 2026