CVE-2018-6533

5 documents5 sources
Severity
7.8HIGH
EPSS
0.0%
top 85.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Icinga Icinga
Timeline
PublishedFeb 27
Latest updateMay 13

Description

An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

Debianicinga2< 2.8.4-1+3
NVDicinga/icinga2.0.02.8.1

🔴Vulnerability Details

3
GHSA
GHSA-5f3g-f3qg-cgq4: An issue was discovered in Icinga 22022-05-13
OSV
CVE-2018-6533: An issue was discovered in Icinga 22018-02-27
CVEList
CVE-2018-6533: An issue was discovered in Icinga 22018-02-27

📋Vendor Advisories

1
Debian
CVE-2018-6533: icinga2 - An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf fi...2018
CVE-2018-6533 (HIGH CVSS 7.8) | An issue was discovered in Icinga 2 | cvebase.io