The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Check Mk Project
  • Check Mk
Redhat
  • Storage

Configuration 1 [-]

OR cpe:2.3:a:check_mk_project:check_mk:*:p3:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.4:p1:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.4:p2:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.5:i1:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.5:i2:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.5:i3:*:*:*:*:*:*
Package CPE Advisory Released Date
Native Client for RHEL 5 for Red Hat Storage
glusterfs-0:3.7.1-11.el5 cpe:/a:redhat:storage:2:client:el5 RHSA-2015:1495 2015-07-29T00:00:00Z
Native Client for RHEL 6 for Red Hat Storage
glusterfs-0:3.7.1-11.el6 cpe:/a:redhat:storage:3:client:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
Red Hat Gluster Storage 3.1 for RHEL 6
augeas-0:1.0.0-10.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
check-mk-0:1.2.6p1-3.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
clufter-0:0.11.2-1.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
cluster-0:3.0.12.1-73.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
clustermon-0:0.16.2-31.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
corosync-0:1.4.7-2.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
ctdb2.5-0:2.5.5-7.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
fence-virt-0:0.2.3-19.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
glusterfs-0:3.7.1-11.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
gluster-nagios-addons-0:0.2.4-4.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
gluster-nagios-common-0:0.2.0-1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
gstatus-0:0.64-3.1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
libqb-0:0.17.1-1.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
libtalloc-0:2.1.1-4.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
libvirt-0:0.10.2-54.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
nagios-plugins-0:1.4.16-12.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
nagios-server-addons-0:0.2.1-4.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
nfs-ganesha-0:2.2.0-5.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
nrpe-0:2.15-4.1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
openais-0:1.1.1-7.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
openstack-swift-0:1.13.1-4.el6ost cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
pacemaker-0:1.1.12-8.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
pcs-0:0.9.139-9.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
pnp4nagios-0:0.6.22-2.1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
pynag-0:0.9.1-1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-blivet-1:1.0.0.2-1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-cpopen-0:1.3-4.el6_5 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-eventlet-0:0.14.0-1.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-greenlet-0:0.4.2-1.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-keystoneclient-1:0.9.0-5.el6ost cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-prettytable-0:0.7.2-1.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
python-pyudev-0:0.15-2.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
redhat-storage-logos-0:60.0.20-1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
redhat-storage-server-0:3.1.0.3-1.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
resource-agents-0:3.9.5-24.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
ricci-0:0.16.2-81.el6 cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
userspace-rcu-0:0.7.9-2.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
vdsm-0:4.16.20-1.2.el6rhs cpe:/a:redhat:storage:3.1:nfs:el6 RHSA-2015:1495 2015-07-29T00:00:00Z
References
Link Providers
http://mathias-kettner.de/check_mk_werks.php?werk_id=984 cve-icon cve-icon
http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1495.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/533180/100/0/threaded cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-5340 cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-5340 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-09-02T14:00:00

Updated: 2024-08-06T11:41:48.661Z

Reserved: 2014-08-18T00:00:00

Link: CVE-2014-5340

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-09-02T14:55:03.683

Modified: 2018-10-09T19:50:08.943

Link: CVE-2014-5340

cve-icon Redhat

Severity : Important

Publid Date: 2014-05-05T00:00:00Z

Links: CVE-2014-5340 - Bugzilla