PT-2014-1781 · Icinga · Icinga
Ricardo · Published 2014-01-14 · Updated 2014-03-06 · CVE-2013-7107
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Icinga versions 1.8.5 and earlier
Icinga versions 1.9.4 and earlier
Icinga versions 1.10.2 and earlier
Description
A cross-site request forgery (CSRF) issue in cmd.cgi allows remote attackers to hijack user authentication for unspecified commands. This can be exploited via unspecified vectors. The vulnerability may lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely.
Recommendations
For Icinga version 1.8.5 and earlier, update to a version that fixes the CSRF vulnerability in cmd.cgi.
For Icinga version 1.9.4 and earlier, update to a version that fixes the CSRF vulnerability in cmd.cgi.
For Icinga version 1.10.2 and earlier, update to a version that fixes the CSRF vulnerability in cmd.cgi.
As a temporary workaround, consider restricting access to cmd.cgi to minimize the risk of exploitation.
Fix
Buffer Overflow
CSRF
Related identifiers
Affected products
Icinga