CVE-2024-28827

July 10, 2024, 1:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Checkmk

  • < 2.3.0p8
  • < 2.2.0p29
  • < 2.1.0p45
  • <= 2.0.0p39 (EOL)

Source

security@checkmk.com

Tags

CVE-2024-28827 details

Published : July 10, 2024, 1:15 p.m.
Last Modified : July 10, 2024, 1:15 p.m.

Description

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.

CVSS Score

1 2 3 4 5 6 7 8.8 9 10

Weakness

Weakness Name Description
CWE-732 Incorrect Permission Assignment for Critical Resource The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Exploitability Score

2.0

Impact Score

6.0

Base Severity

HIGH

References

URL Source
https://checkmk.com/werk/16845 security@checkmk.com
This website uses the NVD API, but is not approved or certified by it.