PT-2024-8523 · Icinga+1 · Icinga 2+1

Fsteglich · Published 2024-10-22 · Updated 2025-11-26 · CVE-2024-49369

CVE-2024-49369

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Icinga 2 versions 2.4.0 through 2.11.12
Icinga 2 versions 2.12.0 through 2.12.11
Icinga 2 versions 2.13.0 through 2.13.10
Icinga 2 versions 2.14.0 through 2.14.3

Description

Icinga is a monitoring system used to check network resource availability, notify users of outages, and generate performance reports. A flaw exists in the TLS certificate validation process in all Icinga 2 versions starting from 2.4.0. It allows an attacker to impersonate trusted cluster nodes, as well as API users who authenticate with TLS client certificates, specifically those with the `client_cn` attribute set. The vulnerability could allow an attacker to bypass security restrictions and gain unauthorized access to sensitive information or execute arbitrary commands.

Recommendations

Update to Icinga 2 version 2.11.12 or later.
Update to Icinga 2 version 2.12.11 or later.
Update to Icinga 2 version 2.13.10 or later.
Update to Icinga 2 version 2.14.3 or later.

Exploit

Fix

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

ALT-PU-2025-14018
BDU:2024-10083
CVE-2024-49369
DLA-3953-1
GHSA-J7WQ-R9MG-9WPV
OPENSUSE-SU-2024:0371-1
OPENSUSE-SU-2024:0372-1
OPENSUSE-SU-2024:14493-1

Affected Products

Alt Linux
Icinga 2