CVE-2021-40905

The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
checkmkcheckmk
2.0.0
checkmkcheckmk
2.0.0:b1
checkmkcheckmk
2.0.0:b2
checkmkcheckmk
2.0.0:b3
checkmkcheckmk
2.0.0:b4
checkmkcheckmk
2.0.0:b5
checkmkcheckmk
2.0.0:b6
checkmkcheckmk
2.0.0:b7
checkmkcheckmk
2.0.0:b8
checkmkcheckmk
2.0.0:i1
checkmkcheckmk
2.0.0:p1
checkmkcheckmk
2.0.0:p10
checkmkcheckmk
2.0.0:p11
checkmkcheckmk
2.0.0:p12
checkmkcheckmk
2.0.0:p13
checkmkcheckmk
2.0.0:p14
checkmkcheckmk
2.0.0:p15
checkmkcheckmk
2.0.0:p16
checkmkcheckmk
2.0.0:p17
checkmkcheckmk
2.0.0:p2
checkmkcheckmk
2.0.0:p3
checkmkcheckmk
2.0.0:p4
checkmkcheckmk
2.0.0:p5
checkmkcheckmk
2.0.0:p6
checkmkcheckmk
2.0.0:p7
checkmkcheckmk
2.0.0:p8
checkmkcheckmk
2.0.0:p9
tribe29checkmk
1.5.0 ≤
𝑥
< 2.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://checkmk.com
https://github.com/Edgarloyola/CVE-2021-40905
http://checkmk.com
https://github.com/Edgarloyola/CVE-2021-40905