CVE-2024-49369

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 12, 2024

Updated: Nov 13, 2024

CWE ID 295

Summary

CVE-2024-49369 is a vulnerability affecting Icinga, a monitoring system used to check network resource availability and generate performance data. Versions 2.4.0 and later of Icinga are impacted, as they contain a flawed TLS certificate validation mechanism. This issue allows an attacker to impersonate trusted cluster nodes and authenticated users utilizing TLS client certificates (ApiUser objects with client_cn attribute set) for API access. Icinga has released patches for this vulnerability in versions 2.14.3, 2.13.10, 2.12.11, and 2.11.12.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Icinga2

Affected Vendors

Icinga

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/zfZMIV
https://www.cve.org/CVERecord?id=CVE-2024-49369
https://nvd.nist.gov/vuln/detail/CVE-2024-49369

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners