Can you explain this vulnerability to me?

This vulnerability is a file permission issue in Icinga for Windows and Icinga 2 on Windows. The certificate directory, which contains sensitive private keys, was created with overly permissive permissions allowing all local users to read its contents. This exposure of private keys compromises the confidentiality of the system. The problem arises from incorrect default permissions set during installation, classified as CWE-276. Fixed versions restrict access to only the Icinga service user and administrators, and manual ACL updates can also mitigate the issue. [1, 2, 3]

Useful 0 Not Useful 0

How can this vulnerability impact me? :

The vulnerability can lead to unauthorized disclosure of private keys used by Icinga for Windows and Icinga 2, compromising the confidentiality of the host's cryptographic material. This could allow an attacker with local access to read sensitive certificate files, potentially enabling impersonation or other attacks relying on the exposed private keys. However, it does not affect the integrity or availability of the system. [1, 2, 3]

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking the permissions of the directories `C:\Program Files\WindowsPowerShell\modules\icinga-powershell-framework\certificate` and `C:\ProgramData\icinga2\var` on the affected Windows system. Specifically, you should verify if these directories and their contents have overly permissive read access granted to all users. On a Windows system, you can use the command `icacls` to view the Access Control Lists (ACLs) for these directories. For example, run `icacls "C:\Program Files\WindowsPowerShell\modules\icinga-powershell-framework\certificate"` and `icacls "C:\ProgramData\icinga2\var"` to inspect the permissions. If the output shows that the 'Users' group or 'Everyone' has read access, the system is vulnerable. [1, 2, 3]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading Icinga for Windows to one of the fixed versions: v1.13.4, v1.12.4, or v1.11.2, which automatically correct the permissions on the affected directories. If upgrading is not immediately possible, manually restrict the Access Control Lists (ACLs) on the directories `C:\Program Files\WindowsPowerShell\modules\icinga-powershell-framework\certificate` and `C:\ProgramData\icinga2\var` including all subfolders and files. The ACLs should be set to allow access only to the Icinga service user and system administrators, removing read permissions from general users. This can be done using the `icacls` command, for example: `icacls "<directory>" /inheritance:r /grant:r "IcingaServiceUser:(OI)(CI)F" "Administrators:(OI)(CI)F" /remove "Users" "Everyone" /T`. [1, 2, 3]

Useful 0 Not Useful 0

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability exposes private keys due to overly permissive file permissions, which can lead to unauthorized access to sensitive cryptographic material. Such exposure can compromise confidentiality and potentially violate data protection requirements under standards like GDPR and HIPAA, which mandate protection of sensitive data and cryptographic keys. Therefore, this vulnerability could negatively impact compliance with these regulations by failing to adequately protect sensitive information. [1, 2, 3]

Useful 0 Not Useful 0