Nagios XI Web SSH Terminal AC Bypass
CVE-2023-7317 Published on October 30, 2025
Nagios XI < 2024R1 Web SSH Terminal Missing Access Control
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of sensitive information.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2023-7317 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2023-7317
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-7317 are published in these products:
Affected Versions
Nagios XI:- Before 2024R1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.