Icinga

A critical vulnerability in Icinga 2 monitoring systems allows attackers to bypass certificate validation and obtain legitimate certificates, which lets them impersonate trusted cluster nodes, including masters and satellites. With such a certificate, attackers can supply corrupted configuration updates, execute arbitrary commands on remote systems, or extract sensitive monitoring data. The flaw affects installations built with older OpenSSL versions and has a CVSS score of 9.3.

Source: https://cybersecuritynews.com/critical-icinga-2-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/icinga

"id": "ici717053025",
"linkid": "icinga",
"type": "Vulnerability",
"date": "5/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'IT',
                        'name': 'Icinga',
                        'type': 'Software Provider'}],
 'attack_vector': 'TLS Network Access',
 'description': 'A critical security vulnerability discovered in Icinga 2 '
                'monitoring systems enables attackers to bypass certificate '
                'validation and obtain legitimate certificates for '
                'impersonating trusted network nodes.',
 'impact': {'systems_affected': ['Icinga 2 installations compiled with OpenSSL '
                                 'versions older than 1.1.0',
                                 'Red Hat Enterprise Linux 7',
                                 'Amazon Linux 2']},
 'initial_access_broker': {'entry_point': 'Direct TLS connectivity to an '
                                          'Icinga master node capable of '
                                          'signing certificates'},
 'lessons_learned': 'Organizations should prioritize upgrading master nodes '
                    'running vulnerable OpenSSL versions immediately, as these '
                    'represent the primary attack vector.',
 'motivation': 'Impersonate trusted cluster nodes, supply corrupted '
               'configuration updates, execute arbitrary commands, extract '
               'sensitive monitoring data',
 'post_incident_analysis': {'corrective_actions': 'Apply patches immediately, '
                                                  'restrict network access to '
                                                  'master nodes, temporarily '
                                                  'disable certificate signing',
                            'root_causes': 'Legacy behavior in OpenSSL '
                                           'versions prior to 1.1.0, where a '
                                           "'valid' flag stored within "
                                           'certificate objects could persist '
                                           'between validation operations'},
 'recommendations': 'Apply patches immediately, particularly on systems '
                    'using Red Hat Enterprise Linux 7 and Amazon Linux 2 '
                    'distributions that ship with susceptible OpenSSL versions.',
 'references': [{'source': 'Icinga Development Team'}],
 'response': {'containment_measures': ['Restricting network access to master '
                                       'nodes',
                                       'Temporarily disabling certificate '
                                       'signing'],
              'remediation_measures': ['Apply patches immediately',
                                       'Upgrade master nodes running '
                                       'vulnerable OpenSSL versions']},
 'title': 'Critical Security Vulnerability in Icinga 2 Monitoring Systems',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2025-48057'}