CVE-2024-0670 - OpenCVE

Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Mar/29
https://checkmk.com/werk/16361

History

No history.

MITRE

Status: PUBLISHED

Assigner: Checkmk

Published: 2024-03-11T14:50:59.415Z

Updated: 2024-08-12T18:36:03.818Z

Reserved: 2024-01-18T09:51:30.688Z

Link: CVE-2024-0670

Vulnrichment

Updated: 2024-08-01T18:11:35.672Z

NVD

Status : Awaiting Analysis

Published: 2024-03-11T15:15:47.267

Modified: 2024-03-13T23:15:45.750

Link: CVE-2024-0670

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0670", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2024-01-18T09:51:30.688Z", "datePublished": "2024-03-11T14:50:59.415Z", "dateUpdated": "2024-08-12T18:36:03.818Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.2.0p23", "status": "affected", "version": "2.2.0", "versionType": "semver"}, {"lessThan": "2.1.0p40", "status": "affected", "version": "2.1.0", "versionType": "semver"}, {"lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2024-03-11T14:50:59.415Z"}, "references": [{"url": "https://checkmk.com/werk/16361"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/29"}], "title": "Privilege escalation in windows agent"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.672Z"}, "title": "CVE Program Container", "references": [{"url": "https://checkmk.com/werk/16361", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/29", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "checkmk", "product": "checkmk", "cpes": ["cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "2.2.0", "status": "affected", "lessThan": "2.2.0p23", "versionType": "semver"}, {"version": "2.1.0", "status": "affected", "lessThan": "2.1.0p40", "versionType": "semver"}, {"version": "2.0.0", "status": "affected", "lessThan": "2.0.0p39", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-12T18:21:01.803225Z", "id": "CVE-2024-0670", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T18:36:03.818Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://checkmk.com/werk/16361", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/29", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.672Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0670", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-12T18:21:01.803225Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*"], "vendor": "checkmk", "product": "checkmk", "versions": [{"status": "affected", "version": "2.2.0", "lessThan": "2.2.0p23", "versionType": "semver"}, {"status": "affected", "version": "2.1.0", "lessThan": "2.1.0p40", "versionType": "semver"}, {"status": "affected", "version": "2.0.0", "lessThan": "2.0.0p39", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T18:35:56.189Z"}}], "cna": {"title": "Privilege escalation in windows agent", "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}}], "affected": [{"vendor": "Checkmk GmbH", "product": "Checkmk", "versions": [{"status": "affected", "version": "2.2.0", "lessThan": "2.2.0p23", "versionType": "semver"}, {"status": "affected", "version": "2.1.0", "lessThan": "2.1.0p40", "versionType": "semver"}, {"status": "affected", "version": "2.0.0", "versionType": "semver", "lessThanOrEqual": "2.0.0p39"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://checkmk.com/werk/16361"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/29"}], "descriptions": [{"lang": "en", "value": "Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2024-03-11T14:50:59.415Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0670", "state": "PUBLISHED", "dateUpdated": "2024-08-12T18:36:03.818Z", "dateReserved": "2024-01-18T09:51:30.688Z", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "datePublished": "2024-03-11T14:50:59.415Z", "assignerShortName": "Checkmk"}, "dataVersion": "5.1"}