Checkmk 1.5.x - 1.5.0p25 RCE Vulnerability CVE-2021-40904

Severity
CVSSv3 Score: 8.8
Vulnerability description

Checkmk is prone to a remote code execution (RCE) vulnerability.

Risk description

The web management console allows the DokuWiki web application (installed by default) to be misconfigured so that it permits embedded PHP code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or through a hijacked session of a user with the administrator role.

Recommendation

Update to version 1.6.0 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Mar 25, 2022
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available