Análise pendenteCVE-2024-47091

CVE-2024-47091: Privilege Escalation in Checkmk Agent

Plataforma

windows

Componente

checkmk

Corrigido em

2.4.0p29

Ver no NVD

Salvar

CVE-2024-47091 describes a privilege escalation vulnerability affecting Checkmk Agent versions 2.4.0 through 2.4.0p29, and earlier 2.3.x and 2.2.x versions. A local, unprivileged user can exploit this flaw to gain SYSTEM-level privileges. The vulnerability resides within the mk_mysql agent plugin on Windows systems, allowing malicious service creation. Affected users should upgrade to version 2.4.0p29 to resolve the issue.

Impacto e Cenários de Ataquetraduzindo…

The impact of CVE-2024-47091 is severe. Successful exploitation allows an attacker to execute arbitrary code with SYSTEM privileges on the affected Checkmk Agent host. This grants complete control over the system, enabling data theft, malware installation, and lateral movement within the network. An attacker could leverage this to compromise other systems accessible from the Checkmk Agent host, potentially leading to a widespread breach. The ability to create a service with a specific name ('MySQL' or 'MariaDB') significantly lowers the barrier to exploitation, as it requires only local write access to a binary referenced by the service.

Contexto de Exploraçãotraduzindo…

CVE-2024-47091 is currently not listed on KEV or EPSS, indicating a low to medium probability of exploitation. Public proof-of-concept (POC) code is not yet widely available, but the vulnerability's relatively straightforward nature suggests that it could be exploited in the future. The vulnerability was published on 2026-05-13, and active campaigns are not currently known. Monitor security advisories and threat intelligence feeds for updates.

Inteligência de Ameaças

Status do Exploit

Prova de ConceitoDesconhecido

CISA KEVNO

EPSS

0.01% (percentil 3%)

CISA SSVC

Exploraçãonone

Automatizávelno

Impacto Técnicopartial

Software Afetado

Componentecheckmk

FornecedorCheckmk GmbH

Versão mínima2.4.0

Versão máxima2.4.0p29

Corrigido em2.4.0p29

Classificação de Fraqueza (CWE)

CWE-427

Linha do tempo

Reservado2024-09-18
Publicada2026-05-13
EPSS atualizado2026-05-13

Mitigação e Soluções Alternativastraduzindo…

The primary mitigation for CVE-2024-47091 is upgrading Checkmk Agent to version 2.4.0p29 or later. If immediate upgrading is not feasible, consider implementing stricter Windows service creation controls to prevent the creation of services with names matching 'MySQL' or 'MariaDB'. Review existing service configurations for any suspicious entries. While a WAF or proxy cannot directly mitigate this vulnerability, network segmentation can limit the potential blast radius if the agent is compromised. Monitor system logs for unusual service creation events. After upgrading, confirm the fix by attempting to create a service with the vulnerable name and verifying that the agent does not execute arbitrary code.

Como corrigirtraduzindo…

Actualice el agente Checkmk a la versión 2.4.0p29 o superior, 2.3.0p47 o superior, o migre desde la versión 2.2.0 (EOL) a una versión soportada.  Esto mitiga la vulnerabilidad de escalada de privilegios al corregir la forma en que se manejan los plugins del agente MySQL/MariaDB.

Perguntas frequentestraduzindo…

What is CVE-2024-47091 — Privilege Escalation in Checkmk Agent?

CVE-2024-47091 is a vulnerability in Checkmk Agent versions 2.4.0–2.4.0p29 that allows a local, unprivileged user to escalate their privileges to SYSTEM by creating a malicious Windows service. This can lead to complete system compromise.

Am I affected by CVE-2024-47091 in Checkmk Agent?

You are affected if you are running Checkmk Agent versions 2.4.0 through 2.4.0p29, or earlier 2.3.x and 2.2.x versions on Windows systems. Upgrade to 2.4.0p29 or later to mitigate the risk.

How do I fix CVE-2024-47091 in Checkmk Agent?

The recommended fix is to upgrade Checkmk Agent to version 2.4.0p29 or later. If upgrading is not immediately possible, implement stricter Windows service creation controls to prevent malicious service creation.

Is CVE-2024-47091 being actively exploited?

Currently, there are no known active campaigns exploiting CVE-2024-47091. However, the vulnerability's nature suggests it could be exploited in the future, so vigilance is advised.

Where can I find the official Checkmk advisory for CVE-2024-47091?

Refer to the official Checkmk security advisory for CVE-2024-47091 on the Checkmk website: [https://portal.checkmk.com/security/CVE-2024-47091](https://portal.checkmk.com/security/CVE-2024-47091)

Seu projeto está afetado?

Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.

Escanear grátis Buscar CVEs

ao vivoverificação gratuita

Experimente agora — sem conta

Faça upload de qualquer manifesto (composer.lock, package-lock.json, lista de plugins WordPress…) ou cole sua lista de componentes. Receba um relatório de vulnerabilidades instantaneamente. Fazer upload de um arquivo é só o começo: com uma conta, você obtém monitoramento contínuo, alertas por Slack/email, relatórios multiprojeto e white-label.

Escaneamento manualAlertas por Slack/e-mailMonitoramento ContínuoRelatórios de marca branca

Arraste e solte seu arquivo de dependências

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...

Procurar arquivos