CVE-2024-13994

Description

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the Allow Insecure Logins option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation, privilege escalation, or full compromise of the Nagios XI web interface depending on the target account.