PT-2025-2259 · Nagvis+2 · Nagvis+2
Jaggar Henry
+1
·
Published
2025-02-04
·
Updated
2025-05-01
·
CVE-2024-13723
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Checkmk (affected versions not specified)
Description
The issue concerns the "NagVis" component within Checkmk, which is susceptible to remote code execution. An authenticated attacker with administrative level privileges can upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk
Debian
Nagvis