CVE-2022-24715

HIGH

Icinga Web 2 <2.8.6-2.10 - Authenticated RCE

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-2022-24715. PoCs published by Dante Corona, JacobEbben, d4rkb0n3.

AI-analyzed exploit summary This exploit leverages an authenticated file upload vulnerability in Icinga Web 2 to achieve remote code execution by uploading a malicious PHP file disguised as an SSH private key, then triggering it to establish a reverse shell.

Description

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.

Exploits (5)

exploitdb WORKING POC

by Dante Corona · pythonwebappsphp

https://www.exploit-db.com/exploits/51586

View Code ZIP pw:eip

This exploit leverages an authenticated file upload vulnerability in Icinga Web 2 to achieve remote code execution by uploading a malicious PHP file disguised as an SSH private key, then triggering it to establish a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Icinga Web 2 <2.8.6, <2.9.6, <2.10

Auth required

Prerequisites: Valid credentials for Icinga Web 2 · Network access to the target · Attacker-controlled server to receive the reverse shell

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell T1059.004 - Unix Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 16 stars

by JacobEbben · poc

https://github.com/JacobEbben/CVE-2022-24715

View Code ZIP pw:eip

This is a functional exploit for CVE-2022-24715, an authenticated RCE vulnerability in Icinga Web 2. It leverages a path traversal flaw to upload a malicious PEM file, enabling arbitrary command execution via a webshell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Icinga Web 2 <2.8.6, <2.9.6, <2.10

Auth required

Prerequisites: Valid credentials for Icinga Web 2 · Access to the target's web interface

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by d4rkb0n3 · poc

https://github.com/d4rkb0n3/CVE-2022-24715-go

View Code ZIP pw:eip

This Go-based exploit targets CVE-2022-24715 in Icinga Web 2, leveraging a file upload vulnerability to achieve remote code execution (RCE) by injecting a malicious PHP payload into a configuration file. It automates authentication, CSRF token extraction, and module manipulation to trigger the payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Icinga Web 2 (versions affected by CVE-2022-24715)

Auth required

Prerequisites: Valid credentials for Icinga Web 2 · Network access to the target · Base64-encoded reverse shell payload

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by cxdxnt · poc

https://github.com/cxdxnt/CVE-2022-24715

View Code ZIP pw:eip

This is a functional exploit for CVE-2022-24715, an authenticated RCE vulnerability in Icinga Web 2. It uploads a malicious PHP file disguised as an SSH private key, enables a module to execute it, and triggers a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Icinga Web 2 <2.8.6, <2.9.6, <2.10

Auth required

Prerequisites: Valid credentials for Icinga Web 2 · Network access to the target · Write permissions in the web directory

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by nimphtix · poc

https://github.com/nimphtix/CVE-2022-24715

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2022-24715, an authenticated remote code execution vulnerability in Icinga Web 2. The exploit leverages a path traversal vulnerability to upload a malicious payload and achieve RCE.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Icinga Web 2 <2.8.6, <2.9.6, <2.10

Auth required

Prerequisites: Valid credentials for Icinga Web 2 · Access to the target system

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 07, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory vendor-advisory

https://security.gentoo.org/glsa/202208-05

Patch, Third Party Advisory

https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb

View Patch ZIP pw:eip

Third Party Advisory

https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Execution.html

Scores

CVSS v3 8.5

EPSS 0.7251

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (1)

icinga/icinga_web_2 < 2.8.6

Published Mar 08, 2022

Tracked Since Feb 18, 2026