Lucene search

CheckmkVULNRICHMENT:CVE-2024-28833

HistoryJun 10, 2024 - 11:55 a.m.

CVE-2024-28833 Missing brute-force protection for two factor authentication

2024-06-1011:55:50

CWE-307

Checkmk

github.com

cve-2024-28833

missing brute-force protection

checkmk 2.3

two factor authentication

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

37.2%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.

CNA Affected

[
  {
    "vendor": "Checkmk GmbH",
    "product": "Checkmk",
    "versions": [
      {
        "status": "affected",
        "version": "2.3.0",
        "lessThan": "2.3.0p6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*"
    ],
    "vendor": "checkmk",
    "product": "checkmk",
    "versions": [
      {
        "status": "affected",
        "version": "2.3.0",
        "lessThan": "2.3.0p6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

checkmk.com/werk/16830

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

37.2%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-28833