CVE-2023-7317
Published: 30 October 2025
Summary
CVE-2023-7317 is a high-severity Missing Authorization (CWE-862) vulnerability in Nagios Nagios Xi. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 48.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly enforces the missing access controls to prevent low-privileged attackers from accessing or interacting with the unauthorized Web SSH Terminal.
Ensures authorization decisions are made for access to sensitive resources like the Web SSH Terminal, addressing the insufficient authorization checks.
Limits low-privileged users' access to only necessary functions, mitigating unauthorized terminal interaction even if enforcement is partially bypassed.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a missing access control in a public-facing web application (Nagios XI Web SSH Terminal), enabling exploitation for unauthorized remote command execution via Unix shell (T1190, T1059.004).
NVD Description
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of…
more
sensitive information.
Deeper analysisAI
CVE-2023-7317 is a missing access control vulnerability (CWE-862) affecting the Web SSH Terminal in Nagios XI versions prior to 2024R1. This flaw allows insufficient authorization checks, enabling unauthorized access to the terminal interface. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
A remote attacker with low privileges (PR:L) can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants access to or interaction with the Web SSH Terminal, potentially allowing unauthorized command execution on the host system or disclosure of sensitive information.
Vendor advisories, including the Nagios XI changelog and security page, recommend upgrading to Nagios XI 2024R1 or later to mitigate the issue. Additional details are available in the referenced advisories from Nagios and VulnCheck.
Details
- CWE(s)