Kostenlos scannen
Analyse ausstehendCVE-2024-47091

CVE-2024-47091: Privilege Escalation in Checkmk Agent

Plattform

windows

Komponente

checkmk

Behoben in

2.4.0p29

Auf NVD ansehen
Speichern

CVE-2024-47091 describes a privilege escalation vulnerability affecting Checkmk Agent versions 2.4.0 through 2.4.0p29, and earlier 2.3.x and 2.2.x versions. A local, unprivileged user can exploit this flaw to gain SYSTEM-level privileges. The vulnerability resides within the mk_mysql agent plugin on Windows systems, allowing malicious service creation. Affected users should upgrade to version 2.4.0p29 to resolve the issue.

Auswirkungen und Angriffsszenarienwird übersetzt…

The impact of CVE-2024-47091 is severe. Successful exploitation allows an attacker to execute arbitrary code with SYSTEM privileges on the affected Checkmk Agent host. This grants complete control over the system, enabling data theft, malware installation, and lateral movement within the network. An attacker could leverage this to compromise other systems accessible from the Checkmk Agent host, potentially leading to a widespread breach. The ability to create a service with a specific name ('MySQL' or 'MariaDB') significantly lowers the barrier to exploitation, as it requires only local write access to a binary referenced by the service.

Ausnutzungskontextwird übersetzt…

CVE-2024-47091 is currently not listed on KEV or EPSS, indicating a low to medium probability of exploitation. Public proof-of-concept (POC) code is not yet widely available, but the vulnerability's relatively straightforward nature suggests that it could be exploited in the future. The vulnerability was published on 2026-05-13, and active campaigns are not currently known. Monitor security advisories and threat intelligence feeds for updates.

Bedrohungsanalyse

Exploit-Status

Proof of ConceptUnbekannt
CISA KEVNO

EPSS

0.01% (3% Perzentil)

CISA SSVC

Ausnutzungnone
Automatisierbarno
Technische Auswirkungpartial

Betroffene Software

Komponentecheckmk
HerstellerCheckmk GmbH
Mindestversion2.4.0
Höchstversion2.4.0p29
Behoben in2.4.0p29

Schwachstellen-Klassifikation (CWE)

CWE-427

Zeitleiste

  1. Reserviert
  2. Veröffentlicht
  3. EPSS aktualisiert

Mitigation und Workaroundswird übersetzt…

The primary mitigation for CVE-2024-47091 is upgrading Checkmk Agent to version 2.4.0p29 or later. If immediate upgrading is not feasible, consider implementing stricter Windows service creation controls to prevent the creation of services with names matching 'MySQL' or 'MariaDB'. Review existing service configurations for any suspicious entries. While a WAF or proxy cannot directly mitigate this vulnerability, network segmentation can limit the potential blast radius if the agent is compromised. Monitor system logs for unusual service creation events. After upgrading, confirm the fix by attempting to create a service with the vulnerable name and verifying that the agent does not execute arbitrary code.

So behebenwird übersetzt…

Actualice el agente Checkmk a la versión 2.4.0p29 o superior, 2.3.0p47 o superior, o migre desde la versión 2.2.0 (EOL) a una versión soportada.  Esto mitiga la vulnerabilidad de escalada de privilegios al corregir la forma en que se manejan los plugins del agente MySQL/MariaDB.

Häufig gestellte Fragenwird übersetzt…

What is CVE-2024-47091 — Privilege Escalation in Checkmk Agent?

CVE-2024-47091 is a vulnerability in Checkmk Agent versions 2.4.0–2.4.0p29 that allows a local, unprivileged user to escalate their privileges to SYSTEM by creating a malicious Windows service. This can lead to complete system compromise.

Am I affected by CVE-2024-47091 in Checkmk Agent?

You are affected if you are running Checkmk Agent versions 2.4.0 through 2.4.0p29, or earlier 2.3.x and 2.2.x versions on Windows systems. Upgrade to 2.4.0p29 or later to mitigate the risk.

How do I fix CVE-2024-47091 in Checkmk Agent?

The recommended fix is to upgrade Checkmk Agent to version 2.4.0p29 or later. If upgrading is not immediately possible, implement stricter Windows service creation controls to prevent malicious service creation.

Is CVE-2024-47091 being actively exploited?

Currently, there are no known active campaigns exploiting CVE-2024-47091. However, the vulnerability's nature suggests it could be exploited in the future, so vigilance is advised.

Where can I find the official Checkmk advisory for CVE-2024-47091?

Refer to the official Checkmk security advisory for CVE-2024-47091 on the Checkmk website: [https://portal.checkmk.com/security/CVE-2024-47091](https://portal.checkmk.com/security/CVE-2024-47091)

Ist dein Projekt betroffen?

Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.

Kostenlos scannenCVEs suchen
liveKostenloser Scan

Jetzt testen — kein Konto

Laden Sie ein Manifest hoch (composer.lock, package-lock.json, WordPress Plugin-Liste…) oder fügen Sie Ihre Komponentenliste ein. Sie erhalten sofort einen Schwachstellenbericht. Das Hochladen einer Datei ist nur der Anfang: Mit einem Konto erhalten Sie kontinuierliche Überwachung, Slack/email-Benachrichtigungen, Multi-Projekt- und White-Label-Berichte.

Manueller ScanSlack/E-Mail-AlertsKontinuierliche ÜberwachungWhite-Label-Berichte

Abhängigkeitsdatei hier ablegen

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...