CVE-2022-24715
PUBLISHED
CVSS 8.5 HIGH
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.
EPSS 72.51% · 98.8th percentile
Risk Scores
- CVSS 3.1: 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
- EPSS Score: 72.51% (98.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icinga | icingaweb2 | < 2.8.6, * |
| icinga | icinga_web_2 | 0, 2.9.0 |
Exploit Intelligence
- Authenticated Remote Code Execution in Icinga Web 2 <2.8.6, <2.9.6, <2.10 (github-poc-repo)
- Icinga Web 2 - Authenticated Remote Code Execution <2.8.6, <2.9.6, <2.10 (github-poc-repo)
…and 26 more exploits
Timeline
- Mar 8, 2022 CVE Published
- Mar 9, 2022 EPSS Score
- Apr 29, 2022 EPSS Score
- Jun 20, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Oct 2, 2022 EPSS Score
- Jan 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 26, 2023 EPSS Score
- Jul 15, 2023 PoC Published
- Aug 6, 2023 EPSS Score
- Nov 17, 2023 EPSS Score