PT-2024-28245 · Checkmk · Checkmk
Published
2024-12-19
·
Updated
2024-12-19
·
CVE-2024-38864
CVSS v4.0
4.8
Medium
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.3.0p23
Checkmk versions prior to 2.2.0p38
Checkmk versions prior to or equal to 2.1.0p49
Description
The issue is related to incorrect permissions on the Checkmk Windows Agent's data directory, allowing a local attacker to read sensitive data.
Recommendations
For versions prior to 2.3.0p23, update to version 2.3.0p23 or later.
For versions prior to 2.2.0p38, update to version 2.2.0p38 or later.
For versions prior to or equal to 2.1.0p49, update to a version later than 2.1.0p49, or consider alternative measures as 2.1.0p49 is end-of-life.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk