CVE-2024-28829

Privilege escalation in mk_informix plugin

Severity Score

5.2

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.

La violación de privilegios mínimos y la dependencia de entradas no confiables en el complemento del agente Checkmk mk_informix anterior a Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 y 2.0.0 (EOL) permite que los usuarios locales escalen privilegios.

*Credits: N/A

CVSS Scores

Checkmk GmbHv4 5.2

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

Present

Privileges Required

Low

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

Low

High

Integrity

Low

High

Availability

Low

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-03-11 CVE Reserved
2024-08-20 CVE Published
2024-08-21 CVE Updated
2024-08-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-272: Least Privilege Violation
CWE-807: Reliance on Untrusted Inputs in a Security Decision

CAPEC

CAPEC-233: Privilege Escalation

References (1)

URL	Tag	Source
https://checkmk.com/werk/16249

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Checkmk GmbH Search vendor "Checkmk GmbH"		Checkmk Search vendor "Checkmk GmbH" for product "Checkmk"				>= 2.3.0 < 2.3.0p12 Search vendor "Checkmk GmbH" for product "Checkmk" and version " >= 2.3.0 < 2.3.0p12"		en		Affected
Checkmk GmbH Search vendor "Checkmk GmbH"		Checkmk Search vendor "Checkmk GmbH" for product "Checkmk"				>= 2.2.0 < 2.2.0p32 Search vendor "Checkmk GmbH" for product "Checkmk" and version " >= 2.2.0 < 2.2.0p32"		en		Affected
Checkmk GmbH Search vendor "Checkmk GmbH"		Checkmk Search vendor "Checkmk GmbH" for product "Checkmk"				>= 2.1.0 < 2.1.0p47 Search vendor "Checkmk GmbH" for product "Checkmk" and version " >= 2.1.0 < 2.1.0p47"		en		Affected
Checkmk GmbH Search vendor "Checkmk GmbH"		Checkmk Search vendor "Checkmk GmbH" for product "Checkmk"				>= 2.0.0 <= 2.0.0p39 Search vendor "Checkmk GmbH" for product "Checkmk" and version " >= 2.0.0 <= 2.0.0p39"		en		Affected