OpenCVE

Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://checkmk.com/werk/16615

History

Mon, 26 Aug 2024 10:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-349

Mon, 26 Aug 2024 10:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-88

MITRE

Status: PUBLISHED

Assigner: Checkmk

Published: 2024-04-16T11:59:43.845Z

Updated: 2024-08-26T09:48:37.438Z

Reserved: 2024-04-05T08:38:32.436Z

Link: CVE-2024-3367

Vulnrichment

Updated: 2024-08-01T20:05:08.548Z

NVD

Status : Awaiting Analysis

Published: 2024-04-16T12:15:10.463

Modified: 2024-08-26T10:15:05.743

Link: CVE-2024-3367

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3367", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2024-04-05T08:38:32.436Z", "datePublished": "2024-04-16T11:59:43.845Z", "dateUpdated": "2024-08-26T09:48:37.438Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.3.0b5", "status": "affected", "version": "2.3.0", "versionType": "semver"}, {"lessThan": "2.2.0p26", "status": "affected", "version": "2.2.0", "versionType": "semver"}, {"lessThan": "2.1.0p99", "status": "affected", "version": "2.1.0", "versionType": "semver"}, {"lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc"}], "impacts": [{"capecId": "CAPEC-6", "descriptions": [{"lang": "en", "value": "CAPEC-6: Argument Injection"}]}], "metrics": [{"cvssV3_1": {"baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-88", "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2024-08-26T09:48:37.438Z"}, "references": [{"url": "https://checkmk.com/werk/16615"}], "title": "Argument injection to runmqsc"}, "adp": [{"affected": [{"vendor": "checkmk", "product": "checkmk", "cpes": ["cpe:2.3:a:checkmk:checkmk:2.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.0.0", "status": "affected", "lessThan": "2.0.0p39", "versionType": "semver"}]}, {"vendor": "checkmk", "product": "checkmk", "cpes": ["cpe:2.3:a:checkmk:checkmk:2.1.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.1.0", "status": "affected", "lessThan": "2.1.0p99", "versionType": "semver"}]}, {"vendor": "checkmk", "product": "checkmk", "cpes": ["cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.2.0", "status": "affected", "lessThan": "2.2.0p26", "versionType": "semver"}]}, {"vendor": "checkmk", "product": "checkmk", "cpes": ["cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.3.0", "status": "affected", "lessThan": "2.3.0b5", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-24T14:21:12.926526Z", "id": "CVE-2024-3367", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T20:39:25.120Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.548Z"}, "title": "CVE Program Container", "references": [{"url": "https://checkmk.com/werk/16615", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://checkmk.com/werk/16615", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.548Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3367", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-24T14:21:12.926526Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:checkmk:checkmk:2.0.0:*:*:*:*:*:*:*"], "vendor": "checkmk", "product": "checkmk", "versions": [{"status": "affected", "version": "2.0.0", "lessThan": "2.0.0p39", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:checkmk:checkmk:2.1.0:*:*:*:*:*:*:*"], "vendor": "checkmk", "product": "checkmk", "versions": [{"status": "affected", "version": "2.1.0", "lessThan": "2.1.0p99", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*"], "vendor": "checkmk", "product": "checkmk", "versions": [{"status": "affected", "version": "2.2.0", "lessThan": "2.2.0p26", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*"], "vendor": "checkmk", "product": "checkmk", "versions": [{"status": "affected", "version": "2.3.0", "lessThan": "2.3.0b5", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-24T14:00:54.301Z"}}], "cna": {"title": "Argument injection to runmqsc", "impacts": [{"capecId": "CAPEC-6", "descriptions": [{"lang": "en", "value": "CAPEC-6: Argument Injection"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"}}], "affected": [{"vendor": "Checkmk GmbH", "product": "Checkmk", "versions": [{"status": "affected", "version": "2.3.0", "lessThan": "2.3.0b5", "versionType": "semver"}, {"status": "affected", "version": "2.2.0", "lessThan": "2.2.0p26", "versionType": "semver"}, {"status": "affected", "version": "2.1.0", "lessThan": "2.1.0p99", "versionType": "semver"}, {"status": "affected", "version": "2.0.0", "versionType": "semver", "lessThanOrEqual": "2.0.0p39"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://checkmk.com/werk/16615"}], "descriptions": [{"lang": "en", "value": "Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-88", "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2024-08-26T09:48:37.438Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3367", "state": "PUBLISHED", "dateUpdated": "2024-08-26T09:48:37.438Z", "dateReserved": "2024-04-05T08:38:32.436Z", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "datePublished": "2024-04-16T11:59:43.845Z", "assignerShortName": "Checkmk"}, "dataVersion": "5.1"}