cbcvebase.
CVE-2024-49369
published 2024-11-12


Priority: P261 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.93% (85.4th percentile)
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12.

Affected

14 ranges

| Vendor | Product      | Version range                          | Fixed in                               |
|--------|--------------|----------------------------------------|----------------------------------------|
| debian | debian_linux |                                        |                                        |
| debian | icinga2      | < icinga2 2.13.6-2+deb12u2 (bookworm)  | icinga2 2.13.6-2+deb12u2 (bookworm)    |
| icinga | icinga       | >= 2.12.0 < 2.12.11                    | 2.12.11                                |
| icinga | icinga       | >= 2.13.0 < 2.13.10                    | 2.13.10                                |
| icinga | icinga       | >= 2.14.0 < 2.14.3                     | 2.14.3                                 |
| icinga | icinga       | >= 2.4.0 < 2.11.12                     | 2.11.12                                |
| icinga | icinga2      |                                        |                                        |
| icinga | icinga2      |                                        |                                        |
| icinga | icinga2      |                                        |                                        |
| icinga | icinga2      |                                        |                                        |
| icinga | icinga2      | >= 0 < 2.12.3-1+deb11u1                | 2.12.3-1+deb11u1                       |
| icinga | icinga2      | >= 0 < 2.13.6-2+deb12u2                | 2.13.6-2+deb12u2                       |
| icinga | icinga2      | >= 0 < 2.14.3-1                        | 2.14.3-1                               |
| icinga | icinga2      | >= 0 < 2.14.3-1                        | 2.14.3-1                               |

Detection & IOCs (extracted from sources)

  • Detect exploitation attempts targeting Icinga 2 TLS certificate validation bypass: monitor for API authentication events where client_cn attribute is used but the connecting certificate CN does not match the expected trusted node or ApiUser identity
  • Flag Icinga 2 instances running versions 2.4.0 through 2.11.11, 2.12.0–2.12.10, 2.13.0–2.13.9, or 2.14.0–2.14.2 as vulnerable to TLS impersonation of cluster nodes and API users
  • Only ApiUser objects with the client_cn attribute set are affected by the impersonation vector against API users; ApiUsers relying solely on password-based authentication are not impacted by this specific flaw
  • Fixed versions are v2.14.3, v2.13.10, v2.12.11, and v2.11.12; Debian-specific fixes differ by release (bookworm: 2.13.6-2+deb12u2, bullseye: 2.12.3-1+deb11u1, forky/sid/trixie: 2.14.3-1)

CVSS provenance

| Source        | Version | Score | Severity | Vector                                       |
|---------------|---------|-------|----------|----------------------------------------------|
| nvd           | v3.1    | 9.8   | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv           |         | 9.8   | CRITICAL |                                              |
| vendor_debian |         | 9.8   | CRITICAL |                                              |