CVE-2024-49369

CRITICAL

Icinga 2.4.0-2.11.11 - Improper Certificate Validation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-49369. PoCs published by Quantum-Sicarius.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-49369, targeting Icinga agents via JSON-RPC protocol impersonation. It includes scanning and exploitation capabilities, leveraging certificate validation bypass to execute arbitrary commands or establish reverse shells.

Description

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12.

Exploits (1)

nomisec WORKING POC 2 stars

by Quantum-Sicarius · poc

https://github.com/Quantum-Sicarius/CVE-2024-49369

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-49369, targeting Icinga agents via JSON-RPC protocol impersonation. It includes scanning and exploitation capabilities, leveraging certificate validation bypass to execute arbitrary commands or establish reverse shells.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Icinga (versions with vulnerable JSON-RPC protocol implementation)

No auth needed

Prerequisites: Network access to Icinga agent · Target agent must be disconnected from its Master/Satellite instance

MITRE ATT&CK