CVE-2024-13999
Published: 30 October 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Security Summary
CVE-2024-13999 is a vulnerability affecting Nagios XI versions prior to 2024R1.1.3. Under certain circumstances, it discloses the server's Active Directory (AD) or LDAP authentication token to an authenticated user. This issue is classified under CWE-497 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An authenticated user can exploit this vulnerability to obtain the exposed AD or LDAP token. Possession of the token could enable domain-wide authentication misuse, escalation of privileges, or further compromise of network-integrated systems.
Advisories recommend upgrading to Nagios XI 2024R1.1.3 or later to mitigate the issue, as prior versions are vulnerable. Further details are provided in the Nagios changelog at https://www.nagios.com/changelog/nagios-xi/, the Nagios security page at https://www.nagios.com/products/security/#nagios-xi, and the VulnCheck advisory at https://www.vulncheck.com/advisories/nagios-xi-ad-ldap-token-authenticated-information-disclosure.
Details
- CWE(s): CWE-497
- Affected Products: Nagios XI versions prior to 2024R1.1.3
- MITRE ATT&CK Enterprise Techniques: T1190 (Exploit Public-Facing Application), T1212 (Exploitation for Credential Access)
Why these techniques?
CVE-2024-13999 is a vulnerability in Nagios XI, a public-facing web application (T1190). When exploited by an authenticated user it discloses AD/LDAP authentication tokens, directly enabling exploitation for credential access (T1212) and subsequent domain-wide misuse.