CVE-2022-24715

Published: 08/03/2022 Updated: 17/07/2023
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 606
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.

Vulnerable Product

icinga icinga web 2

Exploits

#!/usr/bin/env python3
# Exploit Title: Icinga Web 2.10 - Authenticated Remote Code Execution
# Date: 8/07/2023
# Exploit Author: Dante Corona(Aka cxdxnt)
# Software Link: github.com/Icinga/icingaweb2
# Vendor Homepage: icinga.com/
# Software Link: github.com/Icinga/icingaweb2
# Version: <2.8.6, <2.9.6, <2.10
# T ...
Icinga Web version 2.10 suffers from an authenticated remote code execution vulnerability ...

Github Repositories

CVE-2022-24715: The Icinga Web 2 exploit written in Go. The original Python code can be found at: packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Execution.html

Authenticated Remote Code Execution in Icinga Web 2 <2.8.6, <2.9.6, <2.10

CVE-2022-24715: Icinga Web 2 - Authenticated Remote Code Execution <2.8.6, <2.9.6, <2.10. DISCLAIMER: This script is made to audit the security of systems. Only use this script on your own systems or on systems you have written permission to exploit.