PT-2024-2627 · Checkmk · Checkmk

Michael Baer · Published 2024-03-11 · Updated 2026-01-08 · CVE-2024-0670

CVSS v3.1: 8.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Checkmk versions prior to 2.2.0p23
Checkmk versions prior to 2.1.0p40
Checkmk version 2.0.0

Description

An uncontrolled search path element in the Checkmk software can be exploited by a local user to escalate privileges and gain elevated access. The vulnerability affects the Windows agent plugin in Checkmk.

Recommendations

For Checkmk versions prior to 2.2.0p23, update to version 2.2.0p23 or later to resolve the issue.
For Checkmk versions prior to 2.1.0p40, update to version 2.1.0p40 or later to resolve the issue.
For Checkmk version 2.0.0, consider upgrading to a supported version, as 2.0.0 has reached its end-of-life.
As a temporary workaround, consider restricting access to the Windows agent plugin to minimize the risk of exploitation.

Fix

LPE

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

BDU:2024-02694
CVE-2024-0670

Affected Products

Checkmk