PT-2024-5330 · Checkmk · Checkmk
Published
2024-07-08
·
Updated
2025-01-06
·
CVE-2024-6542
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Checkmk versions <= 2.0.0p39
Checkmk versions < 2.1.0p47
Checkmk versions < 2.2.0p32
Checkmk versions < 2.3.0p11
Description
The issue is related to improper neutralization of command delimiters in the mknotifyd daemon of the Checkmk software, allowing for arbitrary command execution. This could enable a remote attacker to execute commands.
Recommendations
For Checkmk versions <= 2.0.0p39, update to a version greater than 2.0.0p39.
For Checkmk versions < 2.1.0p47, update to a version greater than or equal to 2.1.0p47.
For Checkmk versions < 2.2.0p32, update to a version greater than or equal to 2.2.0p32.
For Checkmk versions < 2.3.0p11, update to a version greater than or equal to 2.3.0p11.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk