PT-2023-14204 · Checkmk · Checkmk
Jan-Philipp Litza · Published 2023-02-09 · Updated 2024-07-23 · CVE-2022-43440
CVSS v3.1: 8.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.1.0p1
Checkmk versions prior to 2.0.0p25
Checkmk versions prior to 1.6.0p29
Description
The issue allows a site user to escalate privileges via a manipulated unixcat executable due to an uncontrolled search path element in the Checkmk Agent.
Recommendations
For versions prior to 2.1.0p1, update to version 2.1.0p1 or later.
For versions prior to 2.0.0p25, update to version 2.0.0p25 or later.
For versions prior to 1.6.0p29, update to version 1.6.0p29 or later.
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk