CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
21.8%
Checkmk is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:check_mk_project:check_mk";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.124476");
script_version("2023-12-20T05:05:58+0000");
script_tag(name:"last_modification", value:"2023-12-20 05:05:58 +0000 (Wed, 20 Dec 2023)");
script_tag(name:"creation_date", value:"2023-11-17 09:14:26 +0000 (Fri, 17 Nov 2023)");
script_tag(name:"cvss_base", value:"9.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-11-30 21:00:00 +0000 (Thu, 30 Nov 2023)");
script_cve_id("CVE-2023-6156", "CVE-2023-6157", "CVE-2023-6251", "CVE-2023-23549");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Checkmk 2.0.x < 2.1.0p37, 2.2.x < 2.2.0p15 Multiple Vulnerabilities");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("General");
script_dependencies("gb_check_mk_web_detect.nasl");
script_mandatory_keys("check_mk/detected");
script_tag(name:"summary", value:"Checkmk is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The following vulnerabilities exist:
- CVE-2023-6156: An arbitrary livestatus command execution due to improper neutralization of
livestatus command delimiters in the availability timeline.
- CVE-2023-6157: An arbitrary livestatus command execution due to improper neutralization of
livestatus command delimiters in ajax_search.
- CVE-2023-6251: An authenticated attacker could craft a link with the generated message uuid to
delete the message via send user message.
- CVE-2023-23549: It was possible to create Hosts with arbitrary length. Since
Checkmk stores information in files which paths contain the hostname these path could exceed the
allowed length leading to various errors to an extend that rendered the usage of parts of the GUI
useless.");
script_tag(name:"affected", value:"Checkmk versions 2.0.x prior to 2.1.0p37 and 2.2.x prior to
2.2.0p15.");
script_tag(name:"solution", value:"Update to version 2.1.0p37, 2.2.0p15, 2.3.0b1 or later.");
script_xref(name:"URL", value:"https://checkmk.com/werk/16219");
script_xref(name:"URL", value:"https://checkmk.com/werk/16221");
script_xref(name:"URL", value:"https://checkmk.com/werk/16224");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if( ! port = get_app_port( cpe: CPE, service: "www" ) )
exit( 0 );
if( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )
exit( 0 );
version = infos["version"];
location = infos["location"];
if( version_in_range_exclusive( version: version, test_version_lo: "2.0", test_version_up: "2.1.0p37" ) ) {
report = report_fixed_ver( installed_version: version, fixed_version: "2.1.0p37, 2.2.0p15, 2.3.0b1", install_path: location );
security_message( port: port, data: report );
exit( 0 );
}
if( version_in_range_exclusive( version: version, test_version_lo: "2.2.0", test_version_up: "2.2.0p15" ) ) {
report = report_fixed_ver( installed_version: version, fixed_version: "2.2.0p15, 2.3.0b1", install_path: location );
security_message( port: port, data: report );
exit( 0 );
}
exit( 99 );
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
21.8%