
Checkmk IT infrastructure monitoring system impacted by many flaws

SonarSource researchers discovered four security vulnerabilities in the IT infrastructure monitoring software Checkmk that could be chained to achieve a full server takeover, according to The Hacker News. Two of the flaws are rated critical: a code injection bug in watolib's generation of auth.php and an arbitrary file read flaw in NagVis. The other two are rated medium: a command injection flaw in Checkmk's Livestatus wrapper and Python API, and a server-side request forgery flaw in the host registration API. "These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server running Checkmk version 2.1.0p10 and lower," said SonarSource researcher Stefan Schiller. Threat actors could leverage the chained flaws to obtain Checkmk GUI access. "This access can further be turned into remote code execution by exploiting a Code Injection vulnerability in a Checkmk GUI subcomponent called watolib, which generates a file named auth.php required for the NagVis integration," added Schiller. Patches for the vulnerabilities were issued as part of an update in September.
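An added example, not from SC Media, SonarSource or the Checkmk project: a small Python triage helper that checks an installed Checkmk version string against the "2.1.0p10 and lower" boundary quoted above, so an operator can sort an inventory of monitoring servers into affected and patched. The `MAJOR.MINOR.PATCHpN` format and the purely numeric comparison are assumptions made here; the article does not say whether earlier release lines received separate fixes, so anything that does not parse as a numbered release is reported as unknown rather than guessed at. The host names and version strings in the sample are constructed.

```python
import re

# Highest affected release named in the article ("2.1.0p10 and lower").
# Assumption: releases compare purely numerically; the base release with no
# "pN" suffix is treated as patch-release 0, i.e. older than p1.
LAST_AFFECTED = "2.1.0p10"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:p(\d+))?$")


def parse_checkmk_version(version):
    """Parse 'MAJOR.MINOR.PATCH' with an optional 'pN' patch-release suffix
    into a comparable tuple. Strings outside that format (for example beta or
    innovation builds such '2.1.0b5', which the article does not cover)
    return None so the caller cannot silently treat them as patched."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, patch, prel = m.groups()
    return (int(major), int(minor), int(patch), int(prel or 0))


def is_affected(version):
    """True if the version is at or below LAST_AFFECTED, False if it is newer,
    None if the string could not be parsed."""
    parsed = parse_checkmk_version(version)
    if parsed is None:
        return None
    return parsed <= parse_checkmk_version(LAST_AFFECTED)


def triage(inventory):
    """Classify a mapping of host -> installed version string (for example the
    output of 'omd version' collected from each Checkmk server)."""
    report = {}
    for host, version in inventory.items():
        verdict = is_affected(version)
        if verdict is None:
            report[host] = "unknown"
        elif verdict:
            report[host] = "affected"
        else:
            report[host] = "patched"
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "mon-01": "2.1.0p10",   # last affected release
        "mon-02": "2.1.0p11",   # first release above the boundary
        "mon-03": "2.1.0",      # base release, older than p1
        "mon-04": "2.1.0b5",    # beta build, not covered by the article
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Anything reported as "unknown" still needs a manual look; the helper deliberately refuses to rank version strings the article says nothing about.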
