CVE-2024-14003
Published: 30 October 2025
Summary
CVE-2024-14003 is a critical-severity OS Command Injection (CWE-78) vulnerability in Nagios XI. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 23.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a publicly referenced proof-of-concept.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly mandates validation of inbound NRDP request parameters so that crafted input is rejected before it reaches command execution paths, preventing OS command injection.
- SI-2 (Flaw Remediation): requires identification, reporting, and correction of the specific flaw in the Nagios XI NRDP server plugins through timely patching.
- Enforces restrictions on NRDP input types, sources, and quantities to limit opportunities for command injection via malformed parameters.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE enables unauthenticated RCE via OS command injection in the public-facing NRDP service (T1190) and directly facilitates arbitrary Unix shell command execution as the Nagios service user (T1059.004).
NVD Description
Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor) server plugins. Insufficient validation of inbound NRDP request parameters allows crafted input to reach command execution paths, enabling attackers to execute arbitrary commands on the underlying host in the context of the web/Nagios service.
Deeper analysis
CVE-2024-14003 is a remote code execution (RCE) vulnerability in Nagios XI versions prior to 2024R1.2, stemming from insufficient validation of inbound NRDP (Nagios Remote Data Processor) request parameters in its server plugins. This flaw, classified as CWE-78 (OS Command Injection), allows crafted input to reach command execution paths, enabling arbitrary command execution on the underlying host in the context of the web/Nagios service. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and lack of prerequisites.
An unauthenticated attacker with network access to the NRDP service can exploit this vulnerability by submitting specially crafted NRDP requests. Successful exploitation grants remote command execution as the web/Nagios service user, potentially allowing full compromise of the host system, including data exfiltration, persistence, or lateral movement.
Nagios advisories address this issue through patches in version 2024R1.2 and later. Additional mitigation details are available in the Nagios XI changelog at https://www.nagios.com/changelog/nagios-xi/, the security products page at https://www.nagios.com/products/security/#nagios-xi, and the VulnCheck advisory at https://www.vulncheck.com/advisories/nagios-xi-rce-via-nrdp-server-plugins.
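The following is an added illustration of the CWE-78 pattern this advisory describes (request parameters concatenated into a shell command) next to the SI-10 style input validation it lists as the strongest mitigation. It is not code from Nagios, NRDP, or the advisory: the field names, the tool path, and the sample requests are constructed placeholders, not NRDP's real schema. It shows why validating each parameter against an expected shape and passing values as separate argv elements (never through a shell string) removes the injection path.

```python
import re
import shlex

# Hypothetical path of a local result-submission tool (placeholder, not a Nagios path).
SUBMIT_TOOL = "/opt/example/submit_result"

# Constructed sample request bodies with hypothetical field names.
# The second one carries a shell operator inside the hostname field.
SAMPLE_REQUESTS = [
    {"hostname": "web01", "servicename": "HTTP", "state": "0", "output": "OK - 200"},
    {"hostname": "web01; echo injected", "servicename": "HTTP", "state": "0", "output": "OK"},
]

# Expected shapes: hostname (RFC-style label characters), service name, single-digit state 0-3.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,253}")
SERVICE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,127}")
STATE_RE = re.compile(r"[0-3]")
MAX_OUTPUT_LEN = 4096  # quantity restriction on free-text output


class InvalidRequest(ValueError):
    """Raised when a request parameter falls outside its expected shape."""


def build_command_vulnerable(req):
    """The CWE-78 pattern: untrusted parameters are glued into one shell string.

    Anything the shell treats specially in any field changes the command structure.
    This function only builds the string; it never executes it.
    """
    return (f"{SUBMIT_TOOL} {req['hostname']} {req['servicename']} "
            f"{req['state']} '{req['output']}'")


def shell_operators_in(cmd):
    """Tokenise a command string the way a POSIX shell would and return any
    operator tokens (;, |, &, <, >, parentheses) that appear outside quotes."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    operators = set(lexer.punctuation_chars)
    return [tok for tok in lexer if tok and all(c in operators for c in tok)]


def validate_request(req):
    """SI-10 style validation: every field must match its expected shape before
    it is allowed anywhere near a command path. Returns the request on success."""
    checks = {"hostname": HOSTNAME_RE, "servicename": SERVICE_RE, "state": STATE_RE}
    for field, pattern in checks.items():
        value = req.get(field)
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise InvalidRequest(f"{field} rejected: {value!r}")
    output = req.get("output")
    if (not isinstance(output, str) or len(output) > MAX_OUTPUT_LEN
            or any(ord(c) < 0x20 for c in output)):
        raise InvalidRequest("output rejected: too long or contains control characters")
    return req


def build_argv_hardened(req):
    """Validate first, then build an argv list. Passed to subprocess with the
    default shell=False, each element is one argument; no shell ever parses it,
    so metacharacters in free text (output) are inert data."""
    validate_request(req)
    return [SUBMIT_TOOL, req["hostname"], req["servicename"], req["state"], req["output"]]


def assess(req):
    """Summarise how the two code paths treat one request."""
    vulnerable_cmd = build_command_vulnerable(req)
    try:
        argv = build_argv_hardened(req)
        accepted = True
    except InvalidRequest:
        argv, accepted = None, False
    return {
        "shell_operators_in_vulnerable_string": shell_operators_in(vulnerable_cmd),
        "hardened_path_accepted": accepted,
        "hardened_argv": argv,
    }


if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(r["hostname"], "->", assess(r))
```

The benign request passes validation and yields a five-element argv; the crafted one is rejected by the hostname check, while the vulnerable string builder would have handed the shell an extra `;` operator. Keeping the allowlist patterns narrow and the free-text field length-limited is the practical reading of SI-10's "types, sources, and quantities" restriction.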
Details
- CWE(s)