CVE-2021-40906

25.03.2022, 23:15

CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 49%

Vendor	Product	Version
checkmk	checkmk	1.5.0 ≤ 𝑥 < 1.6.0
checkmk	checkmk	1.6.0
checkmk	checkmk	1.6.0:b1
checkmk	checkmk	1.6.0:b10
checkmk	checkmk	1.6.0:b12
checkmk	checkmk	1.6.0:b3
checkmk	checkmk	1.6.0:b4
checkmk	checkmk	1.6.0:b5
checkmk	checkmk	1.6.0:b9
checkmk	checkmk	1.6.0:p1
checkmk	checkmk	1.6.0:p10
checkmk	checkmk	1.6.0:p11
checkmk	checkmk	1.6.0:p12
checkmk	checkmk	1.6.0:p13
checkmk	checkmk	1.6.0:p14
checkmk	checkmk	1.6.0:p15
checkmk	checkmk	1.6.0:p16
checkmk	checkmk	1.6.0:p19
checkmk	checkmk	1.6.0:p2
checkmk	checkmk	1.6.0:p20
checkmk	checkmk	1.6.0:p21
checkmk	checkmk	1.6.0:p22
checkmk	checkmk	1.6.0:p23
checkmk	checkmk	1.6.0:p24
checkmk	checkmk	1.6.0:p25
checkmk	checkmk	1.6.0:p3
checkmk	checkmk	1.6.0:p4
checkmk	checkmk	1.6.0:p5
checkmk	checkmk	1.6.0:p6
checkmk	checkmk	1.6.0:p7
checkmk	checkmk	1.6.0:p8
checkmk	checkmk	1.6.0:p9
tribe29	checkmk	1.6.0b10:b10
tribe29	checkmk	1.6.0b11:b11
tribe29	checkmk	1.6.0p10:p10
tribe29	checkmk	1.6.0p17:p17
tribe29	checkmk	1.6.0p18:p18

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

check-mk

jammy	dne
focal	dne
bionic	Fixed 1.2.8p16-1ubuntu0.2 released
xenial	not-affected
trusty	ignored

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://checkmk.com

https://github.com/Edgarloyola/CVE-2021-40906

http://checkmk.com

https://github.com/Edgarloyola/CVE-2021-40906