無料スキャン
分析待ちCVE-2024-47091

CVE-2024-47091: Privilege Escalation in Checkmk Agent

プラットフォーム

windows

コンポーネント

checkmk

修正版

2.4.0p29

NVDで見る
保存

CVE-2024-47091 describes a privilege escalation vulnerability affecting Checkmk Agent versions 2.4.0 through 2.4.0p29, and earlier 2.3.x and 2.2.x versions. A local, unprivileged user can exploit this flaw to gain SYSTEM-level privileges. The vulnerability resides within the mk_mysql agent plugin on Windows systems, allowing malicious service creation. Affected users should upgrade to version 2.4.0p29 to resolve the issue.

影響と攻撃シナリオ翻訳中…

The impact of CVE-2024-47091 is severe. Successful exploitation allows an attacker to execute arbitrary code with SYSTEM privileges on the affected Checkmk Agent host. This grants complete control over the system, enabling data theft, malware installation, and lateral movement within the network. An attacker could leverage this to compromise other systems accessible from the Checkmk Agent host, potentially leading to a widespread breach. The ability to create a service with a specific name ('MySQL' or 'MariaDB') significantly lowers the barrier to exploitation, as it requires only local write access to a binary referenced by the service.

悪用の状況翻訳中…

CVE-2024-47091 is currently not listed on KEV or EPSS, indicating a low to medium probability of exploitation. Public proof-of-concept (POC) code is not yet widely available, but the vulnerability's relatively straightforward nature suggests that it could be exploited in the future. The vulnerability was published on 2026-05-13, and active campaigns are not currently known. Monitor security advisories and threat intelligence feeds for updates.

脅威インテリジェンス

エクスプロイト状況

概念実証不明
CISA KEVNO

EPSS

0.01% (3% パーセンタイル)

CISA SSVC

悪用状況none
自動化可能no
技術的影響partial

影響を受けるソフトウェア

コンポーネントcheckmk
ベンダーCheckmk GmbH
最小バージョン2.4.0
最大バージョン2.4.0p29
修正版2.4.0p29

弱点分類 (CWE)

CWE-427

タイムライン

  1. 予約済み
  2. 公開日
  3. EPSS 更新日

緩和策と回避策翻訳中…

The primary mitigation for CVE-2024-47091 is upgrading Checkmk Agent to version 2.4.0p29 or later. If immediate upgrading is not feasible, consider implementing stricter Windows service creation controls to prevent the creation of services with names matching 'MySQL' or 'MariaDB'. Review existing service configurations for any suspicious entries. While a WAF or proxy cannot directly mitigate this vulnerability, network segmentation can limit the potential blast radius if the agent is compromised. Monitor system logs for unusual service creation events. After upgrading, confirm the fix by attempting to create a service with the vulnerable name and verifying that the agent does not execute arbitrary code.

修正方法翻訳中…

Actualice el agente Checkmk a la versión 2.4.0p29 o superior, 2.3.0p47 o superior, o migre desde la versión 2.2.0 (EOL) a una versión soportada.  Esto mitiga la vulnerabilidad de escalada de privilegios al corregir la forma en que se manejan los plugins del agente MySQL/MariaDB.

よくある質問翻訳中…

What is CVE-2024-47091 — Privilege Escalation in Checkmk Agent?

CVE-2024-47091 is a vulnerability in Checkmk Agent versions 2.4.0–2.4.0p29 that allows a local, unprivileged user to escalate their privileges to SYSTEM by creating a malicious Windows service. This can lead to complete system compromise.

Am I affected by CVE-2024-47091 in Checkmk Agent?

You are affected if you are running Checkmk Agent versions 2.4.0 through 2.4.0p29, or earlier 2.3.x and 2.2.x versions on Windows systems. Upgrade to 2.4.0p29 or later to mitigate the risk.

How do I fix CVE-2024-47091 in Checkmk Agent?

The recommended fix is to upgrade Checkmk Agent to version 2.4.0p29 or later. If upgrading is not immediately possible, implement stricter Windows service creation controls to prevent malicious service creation.

Is CVE-2024-47091 being actively exploited?

Currently, there are no known active campaigns exploiting CVE-2024-47091. However, the vulnerability's nature suggests it could be exploited in the future, so vigilance is advised.

Where can I find the official Checkmk advisory for CVE-2024-47091?

Refer to the official Checkmk security advisory for CVE-2024-47091 on the Checkmk website: [https://portal.checkmk.com/security/CVE-2024-47091](https://portal.checkmk.com/security/CVE-2024-47091)

あなたのプロジェクトは影響を受けていますか?

依存関係ファイルをアップロードすれば、このCVEや他のCVEがあなたに影響するか即座にわかります。

無料スキャンCVEを検索
scanZone.liveBadgescanZone.eyebrow

今すぐ試す — アカウント不要

Upload any manifest (composer.lock, package-lock.json, WordPress plugin list…) or paste your component list. You get a vulnerability report instantly. Uploading a file is just the start: with an account you get continuous monitoring, Slack/email alerts, multi-project and white-label reports.

手動スキャンSlack/メールアラートContinuous monitoringホワイトラベルレポート

依存関係ファイルをドラッグ&ドロップ

composer.lock、package-lock.json、requirements.txt、Gemfile.lock、pubspec.lock、Dockerfile...