Wednesday, November 2, 2022

Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software


Multiple vulnerabilities have been disclosed in the Checkmk IT infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers.

“These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server running Checkmk version 2.1.0p10 and lower,” SonarSource researcher Stefan Schiller said in a technical analysis.

Checkmk’s open source edition of the monitoring tool is based on Nagios Core and offers integrations with NagVis for the visualization and generation of topological maps of infrastructures, servers, ports, and processes.

According to its Munich-based developer tribe29 GmbH, its Enterprise and Raw editions are used by over 2,000 customers, including Airbus, Adobe, NASA, Siemens, Vodafone, and others.

Checkmk IT Infrastructure Monitoring Software

The four vulnerabilities, which consist of two Critical and two Medium severity bugs, are as follows –

While these shortcomings on their own have a limited impact, an adversary can chain the issues, starting with the SSRF flaw to reach an endpoint only accessible from localhost, using it to bypass authentication and read a configuration file, ultimately gaining access to the Checkmk GUI.
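The first link in the chain above is an SSRF that lets a request originating on the server reach a localhost-only endpoint. The usual defensive control is to validate the destination of any server-side fetch before it is made, rejecting hosts that are, or resolve to, loopback, link-local or private addresses. The following is an added example of such a guard written for this page; it is not Checkmk's code and says nothing about how Checkmk's fix was implemented. The function names, the URL format and the pluggable `resolver` hook are assumptions made for the example.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List, Union
from urllib.parse import urlsplit

Address = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> List[str]:
    """Ask the OS resolver for every A/AAAA answer for host (needs network access)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_internal(addr: Address) -> bool:
    """True for any address a server-side fetch must never be steered to."""
    # An IPv4-mapped IPv6 literal such as ::ffff:127.0.0.1 wraps an IPv4 address;
    # judge the inner address so the mapping cannot disguise loopback.
    inner = getattr(addr, "ipv4_mapped", None)
    if inner is not None:
        addr = inner
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def is_safe_outbound_url(url: str, resolver: Resolver = system_resolver) -> bool:
    """Accept only http(s) URLs whose host is, and resolves to, a routable public address."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed bracketed IPv6 literal, etc.
        return False
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname       # lower-cased, brackets removed from IPv6 literals
    if not host:
        return False
    if host == "localhost" or host.endswith(".localhost"):
        return False
    try:
        # Numeric literal: judge it directly, no DNS involved.
        addrs: List[Address] = [ipaddress.ip_address(host)]
    except ValueError:
        # Hostname: every answer must be acceptable, not just the first one.
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, OSError, ValueError):
            return False
    if not addrs:
        return False
    return not any(_is_internal(a) for a in addrs)


if __name__ == "__main__":
    # Constructed resolver table standing in for DNS, so the demo runs offline.
    fake_dns = {"api.example": ["93.184.216.34"], "intranet.example": ["10.0.0.5"]}
    for candidate in ("https://api.example/status", "http://127.0.0.1:5000/",
                      "http://[::ffff:127.0.0.1]/", "http://intranet.example/"):
        print(f"{candidate:<32} safe={is_safe_outbound_url(candidate, fake_dns.get)}")
```

The check resolves the name once and judges every returned address; the request itself must then be sent to the address that was validated rather than re-resolving the name, and any redirect the target returns must be put through the same check, otherwise the validation can be bypassed between check and use.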


“This access can further be turned into remote code execution by exploiting a Code Injection vulnerability in a Checkmk GUI subcomponent called watolib, which generates a file named auth.php required for the NagVis integration,” Schiller explained.

Following responsible disclosure on August 22, 2022, the four vulnerabilities were patched in Checkmk version 2.1.0p12, released on September 15, 2022.
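For anyone running several Checkmk instances, the practical first step is to compare each installed version against the two boundaries the article gives: 2.1.0p10 and lower is affected, 2.1.0p12 carries the fix. The script below is an added example for this page, not a tool from Checkmk or SonarSource. Its version parser is an assumption that covers only the `X.Y.Z` and `X.Y.ZpN` release forms seen in the article, and the inventory it triages is constructed with placeholder hostnames.

```python
import re
from typing import List, Tuple

# Release strings in the article look like "2.1.0p10" (maintenance patch 10 of
# 2.1.0). This pattern is an assumption for the example: it accepts "X.Y.Z" and
# "X.Y.ZpN" only; any other Checkmk suffix is reported as unparsable below.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:p(\d+))?$")


def parse_checkmk_version(text: str) -> Tuple[int, int, int, int]:
    """Turn "2.1.0p10" into a comparable tuple (2, 1, 0, 10)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Checkmk version string: {text!r}")
    major, minor, patch, p = m.groups()
    # A bare "2.1.0" precedes "2.1.0p1", so its maintenance level is 0.
    return (int(major), int(minor), int(patch), int(p) if p is not None else 0)


# Boundaries taken from the article.
LAST_AFFECTED = parse_checkmk_version("2.1.0p10")
FIRST_FIXED = parse_checkmk_version("2.1.0p12")


def assess(version: str) -> str:
    """Classify one installed version against the range the article states."""
    v = parse_checkmk_version(version)
    if v <= LAST_AFFECTED:
        return "affected"
    if v >= FIRST_FIXED:
        return "patched"
    # 2.1.0p11 lies between the two statements; the article does not cover it.
    return "unknown"


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, version, status) for every entry, flagging unparsable ones."""
    report = []
    for host, version in inventory:
        try:
            status = assess(version)
        except ValueError:
            status = "unparsable"
        report.append((host, version, status))
    return report


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are placeholders.
    sample = [
        ("monitor-01.example", "2.1.0p10"),
        ("monitor-02.example", "2.1.0p12"),
        ("monitor-03.example", "2.0.0p28"),
        ("monitor-04.example", "2.1.0p11"),
        ("monitor-05.example", "2.1.0-beta"),
    ]
    for host, version, status in triage(sample):
        print(f"{host:<22} {version:<10} {status}")
```

Tuple comparison does the version ordering, so 2.0.0p28 counts as affected because it is lower than 2.1.0p10, exactly as the quoted statement reads; anything the parser does not recognise is surfaced rather than silently skipped.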

The findings follow the discovery of multiple flaws in other monitoring solutions such as Zabbix and Icinga since the start of the year, which could have been exploited to compromise the servers by running arbitrary code.


