{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60991?format=json","vulnerability_id":"VCID-wyzj-d9jm-ekge","summary":"Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actions outside the intended security scope of the application, resulting in full control of the operating system.","aliases":[{"alias":"CVE-2024-13997"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://www.nagios.com/products/security/#nagios-xi","reference_id":"#nagios-xi","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-05T15:05:09Z/"}],"url":"https://www.nagios.com/products/security/#nagios-xi"},{"reference_url":"https://www.nagios.com/changelog/nagios-xi/","reference_id":"nagios-xi","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-05T15:05:09Z/"}],"url":"https://www.nagios.com/changelog/nagios-xi/"},{"reference_url":"https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-migrate-server-feature-to-root-on-host","reference_id":"nagios-xi-privilege-escalation-via-migrate-server-feature-to-root-on-host","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-05T15:05:09Z/"}],"url":"https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-migrate-server-feature-to-root-on-host"}],"weaknesses":[{"cwe_id":269,"name":"Improper Privilege Management","description":"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor."}],"exploits":[],"severity_range_score":"9.4 - 9.4","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wyzj-d9jm-ekge"}