CVE-2018-6533 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2018-6533

An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).

Published: Feb 27, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-6533
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
icinga / icinga	2.0.0	2.8.1.x

https://github.com/Icinga/icinga2/pull/5850