VULNRICHMENT:CVE-2021-40905 (MITRE vulnrichment record)
History: Mar 25, 2022 - 10:20 p.m.

CVE-2021-40905

Published: 2022-03-25 22:20:01
Source: mitre
Tags: checkmk, remote code execution, web management interface, administrator role, extension packages, cve-2021-40905

AI Score: 7.8
Confidence: Low
EPSS: 0.006
Percentile: 78.1%

SSVC
  Exploitation: none
  Automatable: no
  Technical Impact: total

The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of “.mkp” files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*"
    ],
    "vendor": "tribe29",
    "product": "checkmk",
    "versions": [
      {
        "status": "affected",
        "version": "1.5.0",
        "lessThan": "2.0.0p9",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
