Multiple vulnerabilities have been disclosed in the Checkmk IT infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers.
"These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server running Checkmk version 2.1.0p10 and lower," SonarSource researcher Stefan Schiller said in a technical analysis.
Checkmk's open source version of the monitoring tool is based on Nagios Core and offers integrations with NagVis for the visualization and generation of topological maps of infrastructures, servers, ports, and processes.
According to its Munich-based developer tribe29 GmbH, its Enterprise and Raw editions are used by more than 2,000 customers, including Airbus, Adobe, NASA, Siemens, Vodafone, and others.
The four vulnerabilities, which consist of two Critical and two Medium severity bugs, are as follows –
- A code injection flaw in watolib's auth.php (CVSS score: 9.1)
- An arbitrary file read flaw in NagVis (CVSS score: 9.1)
- A command injection flaw in Checkmk's Livestatus wrapper and Python API (CVSS score: 6.8), and
- A server-side request forgery (SSRF) flaw in the host registration API (CVSS score: 5.)
Although these shortcomings on their own have a limited impact, an adversary can chain the issues, starting with the SSRF flaw to reach an endpoint only accessible from localhost, using it to bypass authentication and read a configuration file, and ultimately gaining access to the Checkmk GUI.
"This access can further be turned into remote code execution by exploiting a Code Injection vulnerability in a Checkmk GUI subcomponent called watolib, which generates a file named auth.php required for the NagVis integration," Schiller said.
Following responsible disclosure on August 22, 2022, the four vulnerabilities were patched in Checkmk version 2.1.0p12, released on September 15, 2022.
The findings follow the discovery of multiple flaws in other monitoring systems such as Zabbix and Icinga since the start of the year, which could have been exploited to compromise the servers by running arbitrary code.
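For a defender, the first practical question raised by the version figures above is which Checkmk installations in an inventory still fall into the "2.1.0p10 and lower" range and which already run 2.1.0p12 or later. The snippet below is an added example, not code from the article, SonarSource or tribe29; it parses Checkmk's MAJOR.MINOR.PATCH[pN] version strings (the "pN" patch-release suffix is what makes plain string comparison unsafe) and classifies each host. The host names and version strings in the sample inventory are constructed for illustration, and 2.1.0p11 is reported as "unknown" because the article gives no statement about it.

```python
import re
from typing import Dict, Tuple

# Boundaries taken from the advisory text: 2.1.0p10 and lower are affected,
# the fix shipped in 2.1.0p12. Nothing is stated about 2.1.0p11.
LAST_AFFECTED = "2.1.0p10"
FIRST_PATCHED = "2.1.0p12"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:p(\d+))?$")


def parse_checkmk_version(text: str) -> Tuple[int, int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH[pN]' into a tuple that compares correctly.

    The base release (no 'pN' suffix) is ordered before p1. Strings that do
    not match (beta tags, typos) raise ValueError so a caller never treats an
    unparsed version as safe by accident.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Checkmk version string: {text!r}")
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch), int(p) if p is not None else 0)


def classify_version(text: str) -> str:
    """Return 'affected', 'patched' or 'unknown' for one installed version."""
    v = parse_checkmk_version(text)
    if v <= parse_checkmk_version(LAST_AFFECTED):
        return "affected"
    if v >= parse_checkmk_version(FIRST_PATCHED):
        return "patched"
    # Only 2.1.0p11 lands here; the advisory makes no claim about it.
    return "unknown"


def triage_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> status for {host: version string}; unparseable entries are
    flagged 'unparsed' so they get a manual look instead of being skipped."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify_version(version)
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "mon-01.example.test": "2.1.0p10",   # last affected release named in the advisory
    "mon-02.example.test": "2.1.0p12",   # first patched release
    "mon-03.example.test": "2.0.0p29",   # older minor line: "2.1.0p10 and lower"
    "mon-04.example.test": "2.1.0p9",    # string-wise "p9" > "p12", tuple-wise it is lower
    "mon-05.example.test": "2.1.0p11",   # not covered by the advisory text
    "mon-06.example.test": "2.1.0b7",    # beta tag: deliberately not parsed
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host:24} {status}")
```

The tuple comparison is the point of the example: a naive string comparison would rank "2.1.0p9" above "2.1.0p12" and mark an affected host as patched, which is exactly the kind of false negative an inventory check must not produce.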
Some parts of this article are sourced from:
thehackernews.com