Dwelling › Vulnerabilities

Checkmk Vulnerabilities Can Be Chained for Distant Code Execution

By Ionut Arghire on November 03, 2022

Tweet

Researchers at code safety agency Sonar Supply have shared particulars on a number of Checkmk vulnerabilities that could possibly be chained collectively to execute code remotely, with out authentication.

Written in Python and C++, Checkmk is an IT Infrastructure monitoring answer that permits organizations to watch servers, containers, cloud infrastructure, networks, databases, and different property utilizing a single net interface.

“Based on the seller’s web site, greater than 2,000 clients depend on Checkmk. As a result of its function, Checkmk is a central part often deployed at a privileged place in an organization’s community. This makes it a high-profile goal for menace actors,” Sonar Supply notes.

The corporate has recognized 4 vulnerabilities in Checkmk and its NagVis integration, together with two with a ‘important’ severity score (CVSS rating of 9.1).

These safety defects, Sonar Supply warns, “could be chained collectively by an unauthenticated, distant attacker to totally take over the server operating a susceptible model of Checkmk.”

The primary of the problems is described as a code injection vulnerability within the watolib part, which existed as a result of consumer information entered in Wato was improperly sanitized when writing to the PHP file.

“Previous to this Werk it was doable for authenticated customers to inject PHP code in recordsdata generated by Wato for NagVis integration. The code can be executed as soon as a request to the respective NagVis part is made,” Checkmk explains.

The second critical-severity flaw is described as an arbitrary file learn impacting NagVis, the part chargeable for creating community maps.

“An authenticated attacker can learn arbitrary recordsdata with the permissions of the online server consumer,” Checkmk notes in its advisory.

The 2 different vulnerabilities, each rated ‘medium severity’, are a line feed injection and a restricted server-side request forgery (SSRF) challenge.

“A few of the recognized vulnerabilities have restricted sensible influence on their very own. Nonetheless, a malicious attacker can chain them collectively to attain distant code execution,” Sonar Supply underlines.

The code evaluation agency explains that the exploitation chain would begin with the unauthenticated attacker exploiting the SSRF to entry an endpoint reachable from the localhost solely and which is susceptible to the road feed injection.

By forging arbitrary LQL queries – which Checkmk makes use of to fetch information from the monitoring core – the attacker can then delete arbitrary recordsdata, which might permit them to bypass current authentication mechanisms and entry NagVis.

With entry to NagVis, the attacker might exploit the arbitrary file learn to entry a particular Checkmk configuration file and achieve entry to the Checkmk GUI, after which exploit the code injection in watolib to attain distant code execution (RCE).

Sonar Supply reported the vulnerabilities to Checkmk on August 22, which patched them inside every week.

Associated: Crucial Packagist Vulnerability Opened Door for PHP Provide Chain Assault

Associated: VMware Patches Crucial Vulnerability in Finish-of-Life Product

Associated: Anxiously Awaited OpenSSL Vulnerability’s Severity Downgraded From Crucial to Excessive

Get the Day by day Briefing

• Most Current
• Most Learn

• Purple Cross Seeks ‘Digital Emblem’ to Defend In opposition to Hacking
• Offense Will get the Glory, however Protection Wins the Recreation
• Microsoft Extends Support for Ukraine’s Wartime Tech Innovation
• Cisco Patches Excessive-Severity Bugs in E mail, Identification, Net Safety Merchandise
• Webinar At this time: ESG – CISO’s Information to an Rising Threat Cornerstone
• Splunk Patches 9 Excessive-Severity Vulnerabilities in Enterprise Product
• French-Talking Cybercrime Group Stole Tens of millions From Banks
• Checkmk Vulnerabilities Can Be Chained for Distant Code Execution
• Over 250 US Information Web sites Ship Malware by way of Provide Chain Assault
• Fortinet Patches 6 Excessive-Severity Vulnerabilities

In search of Malware in All of the Mistaken Locations?

First Step For The Web’s subsequent 25 years: Including Safety to the DNS

Tattle Story: What Your Laptop Says About You

Be in a Place to Act Via Cyber Situational Consciousness

Report Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Nice 12 months To Be a Scammer.

Do not Let DNS be Your Single Level of Failure

Learn how to Determine Malware in a Blink

Defining and Debating Cyber Warfare

The 5 A’s that Make Cybercrime so Engaging

Learn how to Defend In opposition to DDoS Assaults

Safety Budgets Not in Line with Threats

Anycast – Three Causes Why Your DNS Community Ought to Use It

The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Considering Organizations

Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise

Orbit Brain

http://orbitbrain.com/

Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways
and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.