Brace of Icinga web vulnerabilities ‘easily chained’ to hack IT monitoring software

A pair of vulnerabilities in the web control panel of IT monitoring system Icinga created a route for even unauthenticated attackers to run arbitrary PHP code and hijack systems.

The recently resolved web-related vulnerabilities – both discovered by security researchers at SonarSource – involved two path traversal vulnerabilities and a flaw that makes it possible to execute arbitrary PHP code from the administrator interface.

Path to exploitation

CVE-2022-24716 is a path traversal bug in Icinga Web 2, and CVE-2022-24715 is a separate path traversal bug that also exploits the behaviour of PHP when validating an SSH key, using a NULL byte. The PHP vulnerability is in the OpenSSL core extension.

These various vulnerabilities can readily be chained together to compromise a server, SonarSource warns.

Patches have been released, and updates to Icinga Web versions 2.8.6, 2.9.6 and 2.10 are recommended. Users are advised to update their installation and to rotate credentials as an additional precaution.

Icinga offers an open source IT monitoring system that comes with various plugins and can be used to monitor network traffic, disk space, or services running on monitored hosts.

The vulnerabilities stem from coding flaws in the web control panel for the technology, which is known as Icinga Web 2.

Rich pickings

The path traversal vulnerability meant that attackers could potentially access the contents of local system files accessible to the web server user, including icingaweb2 configuration files with database credentials.

The CVE-2022-24715 vulnerability can result in the execution of arbitrary PHP code from the administration interface.

As explained in a technical blog post by SonarSource this week, the two flaws can “easily [be] chained [together] to compromise the server from an unauthenticated position if the attacker can reach the database by first disclosing configuration files and modifying the administrator’s password”.
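The chain described above leaves traces in web server access logs: traversal sequences (plain or percent-encoded) aimed at the web server user's readable files, and a NULL byte (`%00`) in a request parameter. The following triage script is an added example written for this article, not code from SonarSource or the Icinga project; the log lines, hostnames, URL paths and configuration file names in it are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines for illustration only; the hosts, URL
# paths and configuration file names are assumptions, not taken from the article.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2022:10:01:02 +0000] "GET /icingaweb2/dashboard HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2022:10:01:09 +0000] "GET /icingaweb2/lib/../../../../etc/icingaweb2/resources.ini HTTP/1.1" 200 812
203.0.113.7 - - [10/Mar/2022:10:02:15 +0000] "GET /icingaweb2/lib/%2e%2e%2f%2e%2e%2fetc/icingaweb2/config.ini HTTP/1.1" 404 0
203.0.113.9 - - [10/Mar/2022:10:05:40 +0000] "POST /icingaweb2/config/resource?name=key%00.pem HTTP/1.1" 302 0
"""

# Common log format: client, identd, user, [timestamp], "METHOD target PROTO", status ...
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize(target: str) -> str:
    """Percent-decode a bounded number of times so single- and double-encoded
    traversal (%2e%2e%2f, %252e) and %00 become visible; unify path separators."""
    prev, cur = None, target
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")

def classify(target: str) -> list[str]:
    """Return the suspicious traits of one request target (empty list if benign)."""
    decoded = normalize(target)
    path = decoded.split("?", 1)[0]
    traits = []
    if "\x00" in decoded:                      # NULL byte anywhere in the request
        traits.append("nul-byte")
    if re.search(r"(^|/)\.\.(/|$)", path):     # a real '..' path component
        traits.append("path-traversal")
    if traits and "icingaweb2" in path.lower():
        traits.append("icingaweb2-target")
    return traits

def triage(log_text: str) -> list[dict]:
    """Parse access-log lines and return only the requests that show a trait,
    with the response status so a 200 on a traversal attempt stands out."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and (traits := classify(m["target"])):
            findings.append({"ip": m["ip"], "target": m["target"],
                             "status": int(m["status"]), "traits": traits})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A successful (200) response on a flagged traversal request is the signal to treat the configuration files, and the database credentials they hold, as disclosed and rotate them, as the advisory recommends.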

The Daily Swig asked SonarSource whether or not the vulnerabilities might have been abused in the wild, as well as what lessons its findings offered to other software developers.

No word back as yet but we’ll update this story as and when more information comes to hand.

Source: https://portswigger.net/daily-swig/brace-of-icinga-web-vulnerabilities-easily-chained-to-hack-it-monitoring-software
