CVE-2024-24402

CRITICAL

Nagios XI 2024R1.01 - Privilege Escalation via npcd Script Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-24402. PoCs published by MAWK0235.

AI-analyzed exploit summary: This repository provides a functional privilege escalation exploit for CVE-2024-24402 in Nagios XI 2024R1.01, allowing the 'NAGIOS' user to gain root access by replacing the 'npcd' binary with a malicious script. The PoC includes detailed steps and commands for execution.

Description

An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.

Exploits (1)

nomisec WORKING POC 4 stars
by MAWK0235 · poc
https://github.com/MAWK0235/CVE-2024-24402

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Nagios XI 2024R1.01
Auth required
Prerequisites: Access to the 'NAGIOS' user account · Network connectivity to an attacker-controlled server for hosting the malicious binary
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 9.8
EPSS 0.0340
EPSS Percentile 87.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-269
Status published
Products (1)
nagios/nagios_xi 2024 r1.0.1
Published Feb 26, 2024
Tracked Since Feb 18, 2026