Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:1361412562310126353HistoryFeb 22, 2023 - 12:00 a.m.
Checkmk 1.6.x < 1.6.0p30, 2.0.x < 2.0.0p28, 2.1.x < 2.1.0p11, 2.2.x < 2.2.0b1 Multiple Vulnerabilities
2023-02-2200:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
3
checkmk
multiple vulnerabilities
cve-2022-46303
cve-2022-46836
remote banner
vendorfix
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.1%
Checkmk is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:check_mk_project:check_mk";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.126353");
script_version("2023-12-20T05:05:58+0000");
script_tag(name:"last_modification", value:"2023-12-20 05:05:58 +0000 (Wed, 20 Dec 2023)");
script_tag(name:"creation_date", value:"2023-02-22 07:31:26 +0000 (Wed, 22 Feb 2023)");
script_tag(name:"cvss_base", value:"9.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-03-02 18:16:00 +0000 (Thu, 02 Mar 2023)");
script_cve_id("CVE-2022-46303", "CVE-2022-46836");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Checkmk 1.6.x < 1.6.0p30, 2.0.x < 2.0.0p28, 2.1.x < 2.1.0p11, 2.2.x < 2.2.0b1 Multiple Vulnerabilities");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_check_mk_web_detect.nasl");
script_mandatory_keys("check_mk/detected");
script_tag(name:"summary", value:"Checkmk is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The following vulnerabilities exist:
- CVE-2022-46303: Possibility to inject arbitrary shell commands when sending SMS notifications.
For this, attackers would have needed to place a crafted string in a user's Pager Address, which
was not properly escaped by the SMS script.
- CVE-2022-46836: Authenticated users could inject PHP code in files generated by Wato for NagVis
integration. The code would be executed once a request to the respective NagVis component is
made.");
script_tag(name:"affected", value:"Checkmk versions 1.6.x < 1.6.0p30, 2.0.x prior to 2.0.0p28,
2.1.x prior to 2.1.0p11 and 2.2.x prior to 2.2.0b1.");
script_tag(name:"solution", value:"Update to version 1.6.0p30, 2.0.0p28, 2.1.0p11, 2.2.0b1 or
later.");
script_xref(name:"URL", value:"https://checkmk.com/werk/14381");
script_xref(name:"URL", value:"https://checkmk.com/werk/14383");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if( ! port = get_app_port( cpe: CPE, service: "www" ) )
exit( 0 );
if( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )
exit( 0 );
version = infos["version"];
location = infos["location"];
if( version_in_range_exclusive( version: version, test_version_lo: "1.6.0", test_version_up: "1.6.0p30" ) ) {
report = report_fixed_ver( installed_version: version, fixed_version: "1.6.0p30, 2.0.0p28, 2.1.0p11, 2.2.0b1", install_path: location );
security_message( port: port, data: report );
exit( 0 );
}
if( version_in_range_exclusive( version: version, test_version_lo: "2.0.0", test_version_up: "2.0.0p28" ) ) {
report = report_fixed_ver( installed_version: version, fixed_version: "2.0.0p28, 2.1.0p11, 2.2.0b1", install_path: location );
security_message( port: port, data: report );
exit( 0 );
}
if( version_in_range_exclusive( version: version, test_version_lo: "2.1.0", test_version_up: "2.1.0p20" ) ) {
report = report_fixed_ver( installed_version: version, fixed_version: "2.1.0p11, 2.2.0b1", install_path: location );
security_message( port: port, data: report );
exit( 0 );
}
if( version_in_range_exclusive( version: version, test_version_lo: "2.2.0", test_version_up: "2.2.0b1" ) ) {
report = report_fixed_ver( installed_version: version, fixed_version: "2.2.0b1", install_path: location );
security_message( port: port, data: report );
exit( 0 );
}
exit( 99 );
Related
cvelist
cvelist
CVE-2022-46303 Command injection in SMS notifications
2023-02-20 16:49:49
CVE-2022-46836 PHP code injection in watolib
2023-02-20 16:52:56
nvd
nvd
CVE-2022-46303
2023-02-20 17:15:12
CVE-2022-46836
2023-02-20 17:15:12
cve
cve
CVE-2022-46303
2023-02-20 17:15:12
CVE-2022-46836
2023-02-20 17:15:12
ubuntucve
ubuntucve
CVE-2022-46303
2023-02-20 00:00:00
CVE-2022-46836
2023-02-20 00:00:00
osv
osv
CVE-2022-46303
2023-02-20 17:15:12
CVE-2022-46836
2023-02-20 17:15:12
prion
prion
Command injection
2023-02-20 17:15:00
Code injection
2023-02-20 17:15:00
githubexploit
githubexploit
Exploit for Code Injection in Tribe29 Checkmk
2023-03-27 22:30:21
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.1%
Related for OPENVAS:1361412562310126353