CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-6536

An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.1%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 4.9

References

Products affected by CVE-2018-6536

Icinga » Icinga » Version: 2.0.0

cpe:2.3:a:icinga:icinga:2.0.0
Icinga » Icinga » Version: 2.0.1

cpe:2.3:a:icinga:icinga:2.0.1
Icinga » Icinga » Version: 2.0.2

cpe:2.3:a:icinga:icinga:2.0.2
Icinga » Icinga » Version: 2.1.0

cpe:2.3:a:icinga:icinga:2.1.0
Icinga » Icinga » Version: 2.1.1

cpe:2.3:a:icinga:icinga:2.1.1
Icinga » Icinga » Version: 2.2.0

cpe:2.3:a:icinga:icinga:2.2.0
Icinga » Icinga » Version: 2.2.1

cpe:2.3:a:icinga:icinga:2.2.1
Icinga » Icinga » Version: 2.2.2

cpe:2.3:a:icinga:icinga:2.2.2
Icinga » Icinga » Version: 2.2.3

cpe:2.3:a:icinga:icinga:2.2.3
Icinga » Icinga » Version: 2.2.4

cpe:2.3:a:icinga:icinga:2.2.4
Icinga » Icinga » Version: 2.3.0

cpe:2.3:a:icinga:icinga:2.3.0
Icinga » Icinga » Version: 2.3.1

cpe:2.3:a:icinga:icinga:2.3.1
Icinga » Icinga » Version: 2.3.10

cpe:2.3:a:icinga:icinga:2.3.10
Icinga » Icinga » Version: 2.3.11

cpe:2.3:a:icinga:icinga:2.3.11
Icinga » Icinga » Version: 2.3.2

cpe:2.3:a:icinga:icinga:2.3.2
Icinga » Icinga » Version: 2.3.3

cpe:2.3:a:icinga:icinga:2.3.3
Icinga » Icinga » Version: 2.3.4

cpe:2.3:a:icinga:icinga:2.3.4
Icinga » Icinga » Version: 2.3.5

cpe:2.3:a:icinga:icinga:2.3.5
Icinga » Icinga » Version: 2.3.6

cpe:2.3:a:icinga:icinga:2.3.6
Icinga » Icinga » Version: 2.3.7

cpe:2.3:a:icinga:icinga:2.3.7
Icinga » Icinga » Version: 2.3.8

cpe:2.3:a:icinga:icinga:2.3.8
Icinga » Icinga » Version: 2.3.9

cpe:2.3:a:icinga:icinga:2.3.9
Icinga » Icinga » Version: 2.4.0

cpe:2.3:a:icinga:icinga:2.4.0
Icinga » Icinga » Version: 2.4.1

cpe:2.3:a:icinga:icinga:2.4.1
Icinga » Icinga » Version: 2.4.10

cpe:2.3:a:icinga:icinga:2.4.10
Icinga » Icinga » Version: 2.4.2

cpe:2.3:a:icinga:icinga:2.4.2
Icinga » Icinga » Version: 2.4.3

cpe:2.3:a:icinga:icinga:2.4.3
Icinga » Icinga » Version: 2.4.4

cpe:2.3:a:icinga:icinga:2.4.4
Icinga » Icinga » Version: 2.4.5

cpe:2.3:a:icinga:icinga:2.4.5
Icinga » Icinga » Version: 2.4.6

cpe:2.3:a:icinga:icinga:2.4.6
Icinga » Icinga » Version: 2.4.7

cpe:2.3:a:icinga:icinga:2.4.7
Icinga » Icinga » Version: 2.4.8

cpe:2.3:a:icinga:icinga:2.4.8
Icinga » Icinga » Version: 2.4.9

cpe:2.3:a:icinga:icinga:2.4.9
Icinga » Icinga » Version: 2.5.0

cpe:2.3:a:icinga:icinga:2.5.0
Icinga » Icinga » Version: 2.5.1

cpe:2.3:a:icinga:icinga:2.5.1
Icinga » Icinga » Version: 2.5.2

cpe:2.3:a:icinga:icinga:2.5.2
Icinga » Icinga » Version: 2.5.3

cpe:2.3:a:icinga:icinga:2.5.3
Icinga » Icinga » Version: 2.5.4

cpe:2.3:a:icinga:icinga:2.5.4
Icinga » Icinga » Version: 2.6.0

cpe:2.3:a:icinga:icinga:2.6.0
Icinga » Icinga » Version: 2.6.1

cpe:2.3:a:icinga:icinga:2.6.1
Icinga » Icinga » Version: 2.6.2

cpe:2.3:a:icinga:icinga:2.6.2
Icinga » Icinga » Version: 2.6.3

cpe:2.3:a:icinga:icinga:2.6.3
Icinga » Icinga » Version: 2.7.0

cpe:2.3:a:icinga:icinga:2.7.0
Icinga » Icinga » Version: 2.7.1

cpe:2.3:a:icinga:icinga:2.7.1
Icinga » Icinga » Version: 2.7.2

cpe:2.3:a:icinga:icinga:2.7.2
Icinga » Icinga » Version: 2.7.3

cpe:2.3:a:icinga:icinga:2.7.3
Icinga » Icinga » Version: 2.7.4

cpe:2.3:a:icinga:icinga:2.7.4
Icinga » Icinga » Version: 2.7.5

cpe:2.3:a:icinga:icinga:2.7.5
Icinga » Icinga » Version: 2.8.0

cpe:2.3:a:icinga:icinga:2.8.0
Icinga » Icinga » Version: 2.8.1

cpe:2.3:a:icinga:icinga:2.8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-6536

Products

Pricing

Contact Us