Home > Vulnerability Database > CVE-2018-6533

Mend.io Vulnerability Database

CVE-2018-6533

Good to know:

Date: February 27, 2018

An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).

Language: C++

Severity Score

7.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-6533

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6533

Url: https://security-tracker.debian.org/tracker/CVE-2018-6533

Url: https://github.com/Icinga/icinga2/pull/5850

Url: https://www.mend.io/vulnerability-database/CVE-2018-6533

Severity Score

7.8

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version v2.8.2

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-6533

Good to know:

Date: February 27, 2018

Language: C++

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?