Home > Vulnerability Database > CVE-2018-6533

Mend.io Vulnerability Database

CVE-2018-6533

Good to know:

Date: February 27, 2018

An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).

Language: C++

Severity Score

6.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-6533

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6533

Url: https://security-tracker.debian.org/tracker/CVE-2018-6533

Url: https://github.com/Icinga/icinga2/pull/5850

Url: https://www.mend.io/vulnerability-database/CVE-2018-6533

Severity Score

6.8

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version v2.8.2

Learn More

CVSS v3

Base Score:	6.8
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL

CVSS v2

Base Score:	4.0
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-6533

Good to know:

Date: February 27, 2018

Language: C++

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?