 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.126708 |
| Categoría: | Privilege escalation |
| Título: | Checkmk < 2.1.0p40, 2.2.x < 2.2.0p23, 2.3.x < 2.3.0b1, 2.4.x < 2.4.0b1 Privilege Escalation Vulnerability |
| Resumen: | Checkmk is prone to a privilege escalation vulnerability. |
| Descripción: | Summary: Checkmk is prone to a privilege escalation vulnerability. Vulnerability Insight: In order to execute some system commands Checkmk Windows agent writes cmd files to C:\Windows\Temp\ and afterwards executes them. The permissions of the files were set restrictive but existing files were not properly handled. If a cmd file already existed and was write protected the agent was not able to rewrite the file but did not handle this case and executed the file nevertheless. Affected Software/OS: Checkmk versions prior to 2.1.0p40, 2.2.x prior to 2.2.0p23, 2.3.x prior to 2.3.0b1 and 2.4.x prior to 2.4.0b1. Solution: Update to version 2.1.0p40, 2.2.0p23, 2.3.0b1, 2.4.0b1 or later. CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2024-0670 http://seclists.org/fulldisclosure/2024/Mar/29 https://checkmk.com/werk/16361 |
| Copyright | Copyright (C) 2024 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |