PT-2024-22595 · Checkmk · Checkmk
Modzero Gmbh
·
Published
2024-07-10
·
Updated
2025-08-28
·
CVE-2024-28827
CVSS v3.1
8.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.3.0p8
Checkmk versions prior to 2.2.0p29
Checkmk versions prior to 2.1.0p45
Checkmk versions prior to or equal to 2.0.0p39
Description
The issue is related to incorrect permissions on the Checkmk Windows Agent's data directory. This allows a local attacker to gain SYSTEM privileges.
Recommendations
For versions prior to 2.3.0p8, update to version 2.3.0p8 or later.
For versions prior to 2.2.0p29, update to version 2.2.0p29 or later.
For versions prior to 2.1.0p45, update to version 2.1.0p45 or later.
For versions prior to or equal to 2.0.0p39, update to a version later than 2.0.0p39, or consider an alternative solution since 2.0.0p39 is end-of-life.
Fix
LPE
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk