Lucene search
K

Checkmk 2.0.x < 2.0.0p38, 2.1.x < 2.1.0p32, 2.2.x < 2.2.0p4 Command Injection Vulnerability

🗓️ 11 Aug 2023 00:00:00Reported by Copyright (C) 2023 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 14 Views

Checkmk 2.0.x < 2.0.0p38, 2.1.x < 2.1.0p32, 2.2.x < 2.2.0p4 Command Injection Vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2023-31209
10 Aug 202312:15
circl
CNNVD
Checkmk Injection Vulnerability
10 Aug 202300:00
cnnvd
CVE
CVE-2023-31209
10 Aug 202308:14
cve
Cvelist
CVE-2023-31209 Command injection via active checks and REST API
10 Aug 202308:14
cvelist
EUVD
EUVD-2023-35524
3 Oct 202520:07
euvd
NVD
CVE-2023-31209
10 Aug 202309:15
nvd
OSV
UBUNTU-CVE-2023-31209
10 Aug 202309:15
osv
Prion
Input validation
10 Aug 202309:15
prion
Positive Technologies
PT-2023-23232 · Checkmk · Checkmk
10 Aug 202300:00
ptsecurity
RedhatCVE
CVE-2023-31209
9 Jan 202608:57
redhatcve
Rows per page
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:checkmk:checkmk";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.126468");
  script_version("2025-09-12T15:39:53+0000");
  script_tag(name:"last_modification", value:"2025-09-12 15:39:53 +0000 (Fri, 12 Sep 2025)");
  script_tag(name:"creation_date", value:"2023-08-11 08:14:26 +0000 (Fri, 11 Aug 2023)");
  script_tag(name:"cvss_base", value:"9.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-08-17 18:46:00 +0000 (Thu, 17 Aug 2023)");

  script_cve_id("CVE-2023-31209");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Checkmk 2.0.x < 2.0.0p38, 2.1.x < 2.1.0p32, 2.2.x < 2.2.0p4 Command Injection Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_checkmk_server_http_detect.nasl");
  script_mandatory_keys("checkmk/server/detected");

  script_tag(name:"summary", value:"Checkmk is prone to a command injection vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Users with the permissions to (a) use the RestAPI, (b) create
  passwords in the password store, and (c) create active checks were able to run arbitrary commands
  on the site.");

  script_tag(name:"affected", value:"Checkmk versions 2.0.x prior to 2.0.0p38, 2.1.x prior to
  2.1.0p32 and 2.2.x prior to 2.2.0p4.");

  script_tag(name:"solution", value:"Update to version 2.0.0p38, 2.1.0p32, 2.2.0p4 or later.");

  script_xref(name:"URL", value:"https://checkmk.com/werk/15194");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe: CPE ) )
  exit( 0 );

if( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )
  exit( 0 );

version = infos["version"];
location = infos["location"];

if( version_in_range_exclusive( version: version, test_version_lo: "2.0.0", test_version_up: "2.0.0p38" ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: "2.0.0p38, 2.1.0p32, 2.2.0p4", install_path: location );
  security_message( port: port, data: report );
  exit( 0 );
}

if( version_in_range_exclusive( version: version, test_version_lo: "2.1.0", test_version_up: "2.1.0p32" ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: "2.1.0p32, 2.2.0p4", install_path: location );
  security_message( port: port, data: report );
  exit( 0 );
}

if( version_in_range_exclusive( version: version, test_version_lo: "2.2.0", test_version_up: "2.2.0p4" ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: "2.2.0p4", install_path: location );
  security_message( port: port, data: report );
  exit( 0 );
}

exit( 99 );

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

12 Sep 2025 00:00Current
8.9High risk
Vulners AI Score8.9
CVSS 3.18.8
EPSS0.0102
SSVC
14