Icinga is vulnerable to a cross-site request forgery vulnerability, which could allow attackers to execute arbitrary administrative actions if a user clicked on a malicious link from the attacker.
No Exploit Available
Cross-Site Request Forgery
Exploitation of this vulnerability is possible via forged HTML forms, sent to a victim through a number of different attack vectors (including malicious links). Attackers who successfully exploit this vulnerability may be able execute administrative actions.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 31971 - Icinga Web Interface Cross-Site Request Forgery (Zero-Day)
Apply the vendor source code patch until the official patch is released. The patch can be found on the vendor's issue tracker for bug ID 5346.