CVE-2020-24908

Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
checkmkcheckmk
𝑥
< 1.6.0
checkmkcheckmk
1.6.0
checkmkcheckmk
1.6.0:p1
checkmkcheckmk
1.6.0:p10
checkmkcheckmk
1.6.0:p11
checkmkcheckmk
1.6.0:p12
checkmkcheckmk
1.6.0:p13
checkmkcheckmk
1.6.0:p14
checkmkcheckmk
1.6.0:p15
checkmkcheckmk
1.6.0:p16
checkmkcheckmk
1.6.0:p2
checkmkcheckmk
1.6.0:p3
checkmkcheckmk
1.6.0:p4
checkmkcheckmk
1.6.0:p5
checkmkcheckmk
1.6.0:p6
checkmkcheckmk
1.6.0:p7
checkmkcheckmk
1.6.0:p8
checkmkcheckmk
1.6.0:p9
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
check-mk
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
dne
bionic
not-affected
xenial
not-affected
trusty
dne
References
https://compass-security.com/fileadmin/Research/Advisories/2020-05_CSNC-2020-005_Checkmk_Local_Privilege_Escalation.txt
https://compass-security.com/fileadmin/Research/Advisories/2020-05_CSNC-2020-005_Checkmk_Local_Privilege_Escalation.txt