CVE-2022-24715
Description
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
72.512
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-24714,CVE-2022-24715,CVE-2022-24716 are affected in Icinga 2 (x64) 2.9.5 | Windows |
| Vulnerabilities CVE-2022-24714,CVE-2022-24715 are affected in Icinga 2 (x64) 2.8.2 | Windows |
| Vulnerabilities CVE-2022-24714,CVE-2022-24715,CVE-2022-24716 are affected in Icinga 2 2.9.5 | Windows |
| Vulnerabilities CVE-2022-24714,CVE-2022-24715 are affected in Icinga 2 2.8.2 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-349001 | Icinga 2 (x64) (2.15.0) |
| PATCH-349000 | Icinga 2 (2.15.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234