PT-2022-11332 · Unknown · Checkmk Raw Edition

Published

2022-03-25

·

Updated

2024-07-23

·

CVE-2021-40904

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Checkmk Raw Edition versions 1.5.0 through 1.6.0

Description

The vulnerability is a misconfiguration in the web management console of Checkmk Raw Edition, specifically in the Dokuwiki web application that is installed by default. The misconfiguration allows PHP code to be embedded in wiki content, which can lead to remote code execution on the host running Checkmk. To exploit the issue, an attacker needs access to the web management interface, either with valid credentials or by hijacking the session of a user with administrator privileges.

Recommendations

For Checkmk Raw Edition versions 1.5.0 through 1.6.0, configure the Dokuwiki web application so that PHP code cannot be embedded in wiki pages, and restrict access to the web management interface to authorized personnel only. As a temporary workaround, restrict access to the Dokuwiki web application until the corrected configuration is in place.
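As an added illustration (not part of this advisory and not Checkmk's or Dokuwiki's own code), the following Python audits a Dokuwiki `conf/local.php` for the options that let page editors embed executable content, rewrites them to the safe value, and scans wiki page text for embedded code blocks. The advisory does not name the settings behind the misconfiguration; `phpok` and `htmlok` are Dokuwiki's own configuration options, and treating them as the relevant ones is an assumption of this example. The config and page samples are constructed, not taken from any Checkmk release.

```python
import re

# Constructed sample of a Dokuwiki conf/local.php with the weak settings
# enabled (assumption: these are the options behind the misconfiguration).
WEAK_LOCAL_PHP = """<?php
$conf['title']  = 'Checkmk wiki';
$conf['useacl'] = 1;
$conf['phpok']  = 1;
$conf['htmlok'] = 1;
"""

# Constructed wiki page containing an embedded <php> block of the kind
# that Dokuwiki executes server-side when phpok is enabled.
WIKI_PAGE = """====== Host notes ======
Normal **wiki** text.
<php>
echo phpversion();
</php>
"""

# Options that, when enabled, let anyone who can edit a page embed
# executable or unescaped content. Reasons follow Dokuwiki's option docs.
DANGEROUS = {
    "phpok":  "<php> blocks in pages are executed server-side",
    "htmlok": "raw <html> blocks in pages are rendered unescaped",
}

CONF_RE = re.compile(
    r"""^[ \t]*\$conf\['(\w+)'\][ \t]*=[ \t]*('[^']*'|"[^"]*"|[^;]+?)[ \t]*;""",
    re.M,
)
TRUTHY = {"1", "true"}
EMBED_RE = re.compile(r"<(php|html)>.*?</\1>", re.I | re.S)


def parse_conf(text):
    """Return {setting: raw value} for every $conf['x'] = ...; assignment."""
    conf = {}
    for name, raw in CONF_RE.findall(text):
        conf[name] = raw.strip().strip("'\"")
    return conf


def audit_conf(text):
    """List (setting, reason) for each dangerous option that is enabled."""
    conf = parse_conf(text)
    return [(k, why) for k, why in DANGEROUS.items()
            if conf.get(k, "0").lower() in TRUTHY]


def harden_conf(text):
    """Return local.php with every dangerous option forced to 0.

    Options already present are rewritten in place; missing ones are
    appended so the safe value is explicit rather than relying on defaults.
    """
    def fix(m):
        name = m.group(1)
        return f"$conf['{name}'] = 0;" if name in DANGEROUS else m.group(0)

    out = CONF_RE.sub(fix, text)
    present = parse_conf(out)
    for k in DANGEROUS:
        if k not in present:
            out += f"$conf['{k}'] = 0;\n"
    return out


def find_embedded_code(page):
    """Return the lowercase tag names of <php>/<html> blocks in page text.

    Useful for sweeping data/pages/ on a server that ran with the weak
    settings, since hardening the config does not remove content that
    was already planted.
    """
    return sorted({m.group(1).lower() for m in EMBED_RE.finditer(page)})


if __name__ == "__main__":
    for setting, why in audit_conf(WEAK_LOCAL_PHP):
        print(f"weak: {setting} enabled: {why}")
    print("embedded blocks in page:", find_embedded_code(WIKI_PAGE))
    print(harden_conf(WEAK_LOCAL_PHP))
```

Run the audit against the real `conf/local.php` and, separately, against `conf/dokuwiki.php`, since a value set only in the distribution defaults would not appear in `local.php`; the page sweep matters because hardening the configuration stops new blocks from executing but leaves previously saved ones in place for review.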

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2021-40904

Affected Products

Checkmk Raw Edition
Dokuwiki