CVE-2024-13995
Published: 30 October 2025
Summary
CVE-2024-13995 is a high-severity Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) vulnerability in Nagios XI. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks in the top 17.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Enforces approved authorizations for logical access, directly preventing unauthorized authenticated users from disclosing sensitive user account information like API keys and hashed passwords.
- SI-15 (Information Output Filtering): Filters and controls information output to block unauthorized disclosure of sensitive data such as API keys and password hashes to low-privilege users.
- AC-6 (Least Privilege): Applies least privilege to restrict low-privilege authenticated users from accessing sensitive account information of other users, reducing the impact of improper access enforcement.
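As an added illustration (not Nagios XI code and not part of the advisory), the pattern behind AC-3 and SI-15 in Python: a user-lookup handler that returns whole account records to any authenticated caller, beside a hardened version that enforces authorization and filters API keys and password hashes from the output. The account store, field names and all values are constructed for the example.

```python
# Illustration of CWE-497 style disclosure and its mitigation; not Nagios XI code.
# Constructed account store: values are placeholders, not real secrets.
USERS = {
    1: {"id": 1, "username": "admin", "role": "admin",
        "api_key": "PLACEHOLDER_ADMIN_KEY", "password_hash": "$2y$10$placeholder_admin"},
    2: {"id": 2, "username": "ops", "role": "user",
        "api_key": "PLACEHOLDER_OPS_KEY", "password_hash": "$2y$10$placeholder_ops"},
}

# Fields that must never reach a client that does not own the account.
SENSITIVE_FIELDS = {"api_key", "password_hash"}

# Denied requests are recorded here; a SOC would forward these to its SIEM.
DENIALS: list = []


class Forbidden(Exception):
    pass


def get_user_vulnerable(requester_id: int, target_id: int) -> dict:
    """Checks only that the caller is authenticated, then returns the full record."""
    if requester_id not in USERS:
        raise Forbidden("not authenticated")
    return dict(USERS[target_id])  # leaks api_key and password_hash of any user


def get_user_hardened(requester_id: int, target_id: int) -> dict:
    """AC-3: authorize access to the record; SI-15: strip secrets from the output."""
    requester = USERS.get(requester_id)
    if requester is None:
        raise Forbidden("not authenticated")
    # AC-3 Access Enforcement: a non-admin may read only their own account.
    if requester["role"] != "admin" and requester_id != target_id:
        DENIALS.append({"requester": requester_id, "target": target_id})
        raise Forbidden("not authorized for this account")
    record = USERS[target_id]
    # SI-15 Information Output Filtering: drop secret fields before responding.
    filtered = {k: v for k, v in record.items() if k not in SENSITIVE_FIELDS}
    # A password hash is never needed by a client; an API key is shown only to its owner.
    if requester_id == target_id:
        filtered["api_key"] = record["api_key"]
    return filtered


def is_denied(requester_id: int, target_id: int) -> bool:
    """True if the hardened handler refuses the request (useful for tests and audits)."""
    try:
        get_user_hardened(requester_id, target_id)
        return False
    except Forbidden:
        return True
```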
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables Exploitation for Credential Access (T1212) by disclosing API keys, which enables Steal Application Access Token (T1528), and hashed passwords, which facilitates Password Cracking (T1110.002).
NVD Description
Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts.
Deeper analysis
CVE-2024-13995 is an information disclosure vulnerability (CWE-497) affecting Nagios XI monitoring software versions prior to 2024R1.1.2, with the issue confirmed in versions 2024R1.1 and 2024R1.1.1. The flaw enables authenticated users to access sensitive user account information, including API keys and hashed passwords, that they are not authorized to view.
An attacker with low-privilege authenticated access (PR:L) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), resulting in high impacts to confidentiality, integrity, and availability (CVSS:3.1 score of 8.8; C:H/I:H/A:H; S:U). Successful exploitation could lead to full account compromise, abuse of API privileges, or offline cracking attempts against exposed password hashes.
Advisories recommend upgrading to Nagios XI 2024R1.1.2 or later to mitigate the issue. Additional details are available in the Nagios changelog at https://www.nagios.com/changelog/nagios-xi/, the Nagios security page at https://www.nagios.com/products/security/#nagios-xi, and the VulnCheck advisory at https://www.vulncheck.com/advisories/nagios-xi-api-keys-and-hashed-password-authenticated-information-disclosure.
Details
- CWE(s)