CVE-2024-33775
CRITICAL
Nagios XI 2024R1.01 - Privilege Escalation via Autodiscover Dashlet
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-33775. PoCs published by Neo-XeD.
AI-analyzed exploit summary: This repository provides a functional privilege escalation exploit for CVE-2024-33775 in Nagios XI 2024R1.01, leveraging malicious dashlet modifications to achieve root access via sudo misconfigurations in autodiscover_new.php.
Description
An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet.
Exploits (1)
nomisec
WORKING POC
by Neo-XeD · poc
https://github.com/Neo-XeD/CVE-2024-33775
Classification
Working Poc 95%
Attack Type
LPE
Complexity
Moderate
Reliability
Reliable
Target:
Nagios XI Version 2024R1.01
Auth required
Prerequisites:
Access to NAGIOS or APACHE user account · Ability to modify dashlet files · Network connectivity for reverse shell
devstral-2 · analyzed Feb 19, 2026
References (2)
Core References
Exploit, Third Party Advisory
https://github.com/Neo-XeD/CVE-2024-33775
Release Notes
https://www.nagios.com/changelog/#nagios-xi
Scores
CVSS v3
9.8
EPSS
0.0160
EPSS Percentile
72.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (1)
nagios/nagios_xi
2024 r1.0.1
Published
May 01, 2024
Tracked Since
Feb 18, 2026