The CVE-2024-24401 vulnerability in Nagios XI version 2024R1.01 allows a remote attacker to execute arbitrary code through an SQL injection in the monitoringwizard.php component. Successful exploitation of this vulnerability can compromise the confidentiality, integrity, and availability of the affected system. The CVE-2024-24402 vulnerability affects Nagios XI version 2024R1.01, enabling a remote attacker to escalate privileges via a crafted script targeting the /usr/local/nagios/bin/npcd component. This flaw could allow unauthorized attackers to gain elevated privileges on affected systems, compromising the integrity and security of the Nagios XI monitoring system and connected infrastructure.
CVE Link
Exploit Platform
Exploit Type
Product Name