CVE-2021-32739Privilege Defined With Unsafe Actions in Icinga

CWE-267Privilege Defined With Unsafe ActionsCWE-269Improper Privilege Management4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 46.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Icinga Icinga2IcingaDebian Linux
Timeline
PublishedJul 15

Description

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-ony user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDicinga/icinga2.4.02.11.10+1
Debianicinga/icinga2< 2.12.3-1+deb11u1+3
CVEListV5icinga/icinga2>= 2.4.0, <= 2.12.4

Also affects: Debian Linux 9.0

🔴Vulnerability Details

2
CVEList
Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities2021-07-15
OSV
CVE-2021-32739: Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for report2021-07-15

📋Vendor Advisories

1
Debian
CVE-2021-32739: icinga2 - Icinga is a monitoring system which checks the availability of network resources...2021
CVE-2021-32739 — Privilege Defined With Unsafe Actions | cvebase