PT-2014-1781 · Icinga · Icinga
Ricardo · Published 2014-01-14 · Updated 2014-03-06 · CVE-2013-7107
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Icinga versions 1.8.5 and earlier
Icinga versions 1.9.4 and earlier
Icinga versions 1.10.2 and earlier
Description
A cross-site request forgery (CSRF) issue in cmd.cgi allows remote attackers to hijack user authentication for unspecified commands. This can be exploited via unspecified vectors. The vulnerability may lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely.
Recommendations
For Icinga version 1.8.5 and earlier, update to a version that fixes the CSRF vulnerability in cmd.cgi.
For Icinga version 1.9.4 and earlier, update to a version that fixes the CSRF vulnerability in cmd.cgi.
For Icinga version 1.10.2 and earlier, update to a version that fixes the CSRF vulnerability in cmd.cgi.
As a temporary workaround, consider restricting access to cmd.cgi to minimize the risk of exploitation.
Fix
Buffer Overflow
CSRF
Affected Products
Icinga