Cyber Resilience

CVE-2023-7317

CriticalPublic PoC

Published: 30 October 2025

Published
30 October 2025
Modified
06 November 2025
KEV Added
Patch
CVSS Score v4 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0043 63.0th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-7317 is a critical-severity Missing Authorization (CWE-862) vulnerability in Nagios Nagios Xi. Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 37.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2023-7317 is a missing access control vulnerability (CWE-862) affecting the Web SSH Terminal in Nagios XI versions prior to 2024R1. This flaw allows insufficient authorization checks, enabling unauthorized access to the terminal interface. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.

A remote attacker with low privileges (PR:L) can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants access to or interaction with the Web SSH Terminal, potentially allowing unauthorized command execution on the host system or disclosure of sensitive information.

Vendor advisories, including the Nagios XI changelog and security page, recommend upgrading to Nagios XI 2024R1 or later to mitigate the issue. Additional details are available in the referenced advisories from Nagios and VulnCheck.

EU & UK References

Vulnerability details

Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of…

more

sensitive information.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The vulnerability is a missing access control in a public-facing web application (Nagios XI Web SSH Terminal), enabling exploitation for unauthorized remote command execution via Unix shell (T1190, T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2041Same product: Nagios Nagios Xi
CVE-2024-14005Same product: Nagios Nagios Xi
CVE-2025-34284Same product: Nagios Nagios Xi
CVE-2024-14003Same product: Nagios Nagios Xi
CVE-2026-2043Same product: Nagios Nagios Xi
CVE-2026-2042Same product: Nagios Nagios Xi
CVE-2020-36867Same product: Nagios Nagios Xi
CVE-2025-34227Same product: Nagios Nagios Xi
CVE-2024-13999Same product: Nagios Nagios Xi
CVE-2024-13996Same product: Nagios Nagios Xi

Affected Assets

nagios
nagios xi
≤ 2024

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces the missing access controls to prevent low-privileged attackers from accessing or interacting with the unauthorized Web SSH Terminal.

prevent

Ensures authorization decisions are made for access to sensitive resources like the Web SSH Terminal, addressing the insufficient authorization checks.

prevent

Limits low-privileged users' access to only necessary functions, mitigating unauthorized terminal interaction even if enforcement is partially bypassed.

References