CVE-2022-24715
moderate-risk
Published 2022-03-08
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.
Do I need to act?
!
72.5% chance of exploitation in next 30 days
EPSS score — higher than 27% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.5/10
High
NETWORK
/ HIGH complexity
Affected Products (1)
Icinga Web 2
Affected Vendors
References (8)
Third Party Advisory
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63
Third Party Advisory
https://security.gentoo.org/glsa/202208-05
Third Party Advisory
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63
Third Party Advisory
https://security.gentoo.org/glsa/202208-05
49
/ 100
moderate-risk
Severity
25/34 · High
Exploitability
19/34 · Moderate
Exposure
5/34 · Minimal