Lucene search
+L

CVE-2024-0670

🗓️ 11 Mar 2024 14:50:59Reported by CheckmkType 
cve
 cve
🔗 web.nvd.nist.gov👁 104 Views🌐 WEB

Privilege escalation in windows agent plugin in Checkmk before 2.2.0p2

Related
Detection
Affected
Refs
Paths
NVD
Node
AND
OR
checkmkcheckmkRange2.0.02.1.0
checkmkcheckmkMatch2.1.0-
checkmkcheckmkMatch2.1.0b1
checkmkcheckmkMatch2.1.0b2
checkmkcheckmkMatch2.1.0b3
checkmkcheckmkMatch2.1.0b4
checkmkcheckmkMatch2.1.0b5
checkmkcheckmkMatch2.1.0b6
checkmkcheckmkMatch2.1.0b7
checkmkcheckmkMatch2.1.0b8
checkmkcheckmkMatch2.1.0b9
checkmkcheckmkMatch2.1.0p1
checkmkcheckmkMatch2.1.0p10
checkmkcheckmkMatch2.1.0p11
checkmkcheckmkMatch2.1.0p12
checkmkcheckmkMatch2.1.0p13
checkmkcheckmkMatch2.1.0p14
checkmkcheckmkMatch2.1.0p15
checkmkcheckmkMatch2.1.0p16
checkmkcheckmkMatch2.1.0p17
checkmkcheckmkMatch2.1.0p18
checkmkcheckmkMatch2.1.0p19
checkmkcheckmkMatch2.1.0p2
checkmkcheckmkMatch2.1.0p20
checkmkcheckmkMatch2.1.0p21
checkmkcheckmkMatch2.1.0p22
checkmkcheckmkMatch2.1.0p23
checkmkcheckmkMatch2.1.0p24
checkmkcheckmkMatch2.1.0p25
checkmkcheckmkMatch2.1.0p26
checkmkcheckmkMatch2.1.0p27
checkmkcheckmkMatch2.1.0p28
checkmkcheckmkMatch2.1.0p29
checkmkcheckmkMatch2.1.0p3
checkmkcheckmkMatch2.1.0p30
checkmkcheckmkMatch2.1.0p31
checkmkcheckmkMatch2.1.0p32
checkmkcheckmkMatch2.1.0p33
checkmkcheckmkMatch2.1.0p34
checkmkcheckmkMatch2.1.0p35
checkmkcheckmkMatch2.1.0p36
checkmkcheckmkMatch2.1.0p37
checkmkcheckmkMatch2.1.0p38
checkmkcheckmkMatch2.1.0p39
checkmkcheckmkMatch2.1.0p4
checkmkcheckmkMatch2.1.0p5
checkmkcheckmkMatch2.1.0p6
checkmkcheckmkMatch2.1.0p7
checkmkcheckmkMatch2.1.0p8
checkmkcheckmkMatch2.1.0p9
checkmkcheckmkMatch2.2.0-
checkmkcheckmkMatch2.2.0b1
checkmkcheckmkMatch2.2.0b2
checkmkcheckmkMatch2.2.0b3
checkmkcheckmkMatch2.2.0b4
checkmkcheckmkMatch2.2.0b5
checkmkcheckmkMatch2.2.0b6
checkmkcheckmkMatch2.2.0b7
checkmkcheckmkMatch2.2.0b8
checkmkcheckmkMatch2.2.0i1
checkmkcheckmkMatch2.2.0p1
checkmkcheckmkMatch2.2.0p10
checkmkcheckmkMatch2.2.0p11
checkmkcheckmkMatch2.2.0p12
checkmkcheckmkMatch2.2.0p13
checkmkcheckmkMatch2.2.0p14
checkmkcheckmkMatch2.2.0p15
checkmkcheckmkMatch2.2.0p16
checkmkcheckmkMatch2.2.0p17
checkmkcheckmkMatch2.2.0p18
checkmkcheckmkMatch2.2.0p19
checkmkcheckmkMatch2.2.0p2
checkmkcheckmkMatch2.2.0p20
checkmkcheckmkMatch2.2.0p21
checkmkcheckmkMatch2.2.0p22
checkmkcheckmkMatch2.2.0p3
checkmkcheckmkMatch2.2.0p4
checkmkcheckmkMatch2.2.0p5
checkmkcheckmkMatch2.2.0p6
checkmkcheckmkMatch2.2.0p7
checkmkcheckmkMatch2.2.0p8
checkmkcheckmkMatch2.2.0p9
[
  {
    "defaultStatus": "unaffected",
    "product": "Checkmk",
    "vendor": "Checkmk GmbH",
    "versions": [
      {
        "lessThan": "2.2.0p23",
        "status": "affected",
        "version": "2.2.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.1.0p40",
        "status": "affected",
        "version": "2.1.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "2.0.0p39",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
cmk_all_${_}_1.cmdpathC:\Windows\Temp\cmk_all_${_}_1.cmdLocal Privilege Escalation via writable files (Checkmk) - temporary cmd files created in Windows Temp used to escalate privilegesCWE-427
mal.exepathC:\Users\attacker\Desktop\mal.exeMalicious binary used in PoC to execute with SYSTEM privilegesCWE-427
fafda3e.msipathC:\Windows\Installer\fafda3e.msiInstaller file used in PoC to force write/execute temporary files during repairCWE-427

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 06:54Current
8.7High risk
Vulners AI Score8.7
CVSS 3.17.8 - 8.8
EPSS0.00342
SSVC
104