BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


Icinga Web Interface Cross-Site Request Forgery

Disclosed: December 2, 2013
Zeroday: 233 days

Vulnerability Description:

Icinga is affected by a cross-site request forgery vulnerability that could allow an attacker to execute arbitrary administrative actions if a user clicks a malicious link supplied by the attacker.

Vendors:

Icinga

Vulnerable Software/Devices:

Icinga 1.10.2

Vulnerability Severity:

Medium

Exploit Availability:

No Exploit Available

Exploit Impact:

Cross-Site Request Forgery
Exploitation of this vulnerability is possible via forged HTML forms, sent to a victim through a number of different attack vectors (including malicious links). Attackers who successfully exploit this vulnerability may be able to execute administrative actions.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 31971 - Icinga Web Interface Cross-Site Request Forgery (Zero-Day)

Mitigation:

Apply the vendor source code patch until the official patch is released. The patch can be found on the vendor's issue tracker for bug ID 5346.

Links:

CVE(s):