PT-2023-15068 · Checkmk · Checkmk

Stefan Schiller · Published 2023-02-20 · Updated 2024-07-23 · CVE-2022-46836

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Checkmk versions 1.6.0 through 1.6.0p29

Checkmk versions 2.0.0 through 2.0.0p27

Checkmk versions 2.1.0 through 2.1.0p10

Description

The issue allows an attacker to inject PHP code into the auth.php and hosttags.php files of the watolib component. The injected code is executed when the vulnerable component is requested.

Recommendations

For Checkmk versions 1.6.0 through 1.6.0p29, update to a version later than 1.6.0p29.

For Checkmk versions 2.0.0 through 2.0.0p27, update to a version later than 2.0.0p27.

For Checkmk versions 2.1.0 through 2.1.0p10, update to a version later than 2.1.0p10.

Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2022-46836

Affected Products

Checkmk