CVE-2024-14005
Published: 30 October 2025
Summary
CVE-2024-14005 is a high-severity OS Command Injection (CWE-78) vulnerability in Nagios Nagios Xi. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the insufficient validation of user-supplied input in the Docker Wizard by requiring checks to prevent injection of shell metacharacters into backend command invocations.
Mitigates the vulnerability through timely flaw remediation, such as upgrading to Nagios XI 2024R1.2 which includes improved input validation.
Complements validation by restricting user inputs in the Docker Wizard to safe, organization-defined conditions that block shell metacharacters.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2024-14005 is a command injection vulnerability in a public-facing web application (Nagios XI Docker Wizard), enabling T1190 (Exploit Public-Facing Application). Exploitation directly results in arbitrary Unix shell command execution (T1059.004).
NVD Description
Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitation…
more
enables arbitrary command execution with the privileges of the Nagios XI web application user.
Deeper analysisAI
CVE-2024-14005 is a command injection vulnerability (CWE-78) in the Docker Wizard component of Nagios XI versions prior to 2024R1.2. The issue stems from insufficient validation of user-supplied input, which allows injection of shell metacharacters that are incorporated into backend command invocations. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.
An authenticated administrator can exploit this vulnerability remotely without user interaction. By supplying malicious input in the Docker Wizard, the attacker injects shell metacharacters, leading to arbitrary command execution with the privileges of the Nagios XI web application user.
Nagios advisories recommend upgrading to Nagios XI 2024R1.2 or later to mitigate the vulnerability through improved input validation. Additional details are available in the Nagios XI changelog at https://www.nagios.com/changelog/nagios-xi/, the security updates page at https://www.nagios.com/products/security/#nagios-xi, and the VulnCheck advisory at https://www.vulncheck.com/advisories/nagios-xi-command-injection-via-docker-wizard.
Details
- CWE(s)