What is CVE-2022-24715?

CVE-2022-24715 is a vulnerability in Icinga Web 2 that allows authenticated users to execute arbitrary code by creating SSH resource files in unintended directories.

How does CVE-2022-24715 affect Icinga Web 2?

CVE-2022-24715 affects Icinga Web 2 versions up to 2.9.6, allowing authenticated users with access to the configuration to execute arbitrary code.

What is the severity of CVE-2022-24715?

CVE-2022-24715 has a severity score of 8.8 (high).

How can I fix CVE-2022-24715?

To fix CVE-2022-24715, update Icinga Web 2 to version 2.8.6 or later.

Are there any references for CVE-2022-24715?

Yes, you can find references for CVE-2022-24715 at the following links: [Exploit-DB](https://www.exploit-db.com/exploits/51586), [Packet Storm Security](http://packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Execution.html), and [GitHub](https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb).

Vulnerability/
CVE-2022-24715

Exploited

high

8.8

CWE

8/3/2022

3/8/2024

CVE-2022-24715: Arbitrary code execution for authenticated users in Icinga Web 2

First published: Tue Mar 08 2022(Updated: )

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.

Credit: Dante Corona security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
Icinga Icinga Web 2	<2.8.6
Icinga Icinga Web 2	>=2.9.0<2.9.6

Remedy

https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-24715?
CVE-2022-24715 is a vulnerability in Icinga Web 2 that allows authenticated users to execute arbitrary code by creating SSH resource files in unintended directories.
How does CVE-2022-24715 affect Icinga Web 2?
CVE-2022-24715 affects Icinga Web 2 versions up to 2.9.6, allowing authenticated users with access to the configuration to execute arbitrary code.
What is the severity of CVE-2022-24715?
CVE-2022-24715 has a severity score of 8.8 (high).
How can I fix CVE-2022-24715?
To fix CVE-2022-24715, update Icinga Web 2 to version 2.8.6 or later.
Are there any references for CVE-2022-24715?
Yes, you can find references for CVE-2022-24715 at the following links: [Exploit-DB](https://www.exploit-db.com/exploits/51586), [Packet Storm Security](http://packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Execution.html), and [GitHub](https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb).

exploited/true
collector/exploitdb-recent
alias/CVE-2022-24715
collector/nvd-index
agent/type
agent/softwarecombine
agent/author
agent/weakness
agent/references
agent/remedy
agent/description
collector/nvd-api
agent/software-canonical-lookup-request
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/severity
agent/first-publish-date
agent/tags
agent/event
vendor/icinga
canonical/icinga icinga web 2
version/icinga icinga web 2/2.9.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.