vulnerability

Debian: CVE-2024-49369: icinga2 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Nov 12, 2024	Nov 18, 2024	Feb 18, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Nov 12, 2024

Added

Nov 18, 2024

Modified

Feb 18, 2025

Description

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12.

Solution

debian-upgrade-icinga2

References

CVE-2024-49369
https://attackerkb.com/topics/CVE-2024-49369
DEBIAN-DLA-3953-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today