CVE-2024-13999
Published: 30 October 2025
Summary
CVE-2024-13999 is a critical-severity Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) vulnerability in Nagios XI. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 25.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-3 enforces approved authorizations to prevent authenticated users from accessing sensitive server AD/LDAP tokens.
IA-5 protects authenticators like AD/LDAP tokens from unauthorized disclosure and modification.
SI-15 filters outputs to non-privileged users, preventing inadvertent disclosure of authentication tokens.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is in Nagios XI, a public-facing web application (T1190). When exploited by an authenticated user it discloses the server's AD/LDAP authentication tokens, directly enabling Exploitation for Credential Access (T1212) and domain-wide misuse of those credentials.
NVD Description
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticated user. Exposure of the server's AD/LDAP token could allow domain-wide authentication misuse, escalation of privileges, or further compromise of network-integrated systems.
Deeper analysis
CVE-2024-13999 is a vulnerability affecting Nagios XI versions prior to 2024R1.1.3. Under certain circumstances, it discloses the server's Active Directory (AD) or LDAP authentication token to an authenticated user. This issue is classified under CWE-497 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An authenticated user can exploit this vulnerability to obtain the exposed AD or LDAP token. Possession of the token could enable domain-wide authentication misuse, escalation of privileges, or further compromise of network-integrated systems.
Advisories recommend upgrading to Nagios XI 2024R1.1.3 or later, as all prior versions are vulnerable. Further details are provided in the Nagios changelog at https://www.nagios.com/changelog/nagios-xi/, the Nagios security page at https://www.nagios.com/products/security/#nagios-xi, and the VulnCheck advisory at https://www.vulncheck.com/advisories/nagios-xi-ad-ldap-token-authenticated-information-disclosure.
Details
- CWE(s)