The Checkmk IT Infrastructure monitoring software has a number of flaws that have been publicly revealed and could be exploited by a remote, unauthenticated attacker to completely take control of the vulnerable systems.

Stefan Schiller, a SonarSource researcher, wrote in a technical study that “these vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server using Checkmk version 2.1.0p10 and lower.”

ALSO, READ Researchers Disclose Details of Critical ‘CosMiss’ RCE Flaw Affecting Azure Cosmos DB

Checkmk’s open source edition of the monitoring tool is based on Nagios Core and offers integrations with NagVis for the visualization and generation of topological maps of infrastructures, servers, ports, and processes.

Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software

According to its Munich-based developer tribe29 GmbH, its Enterprise and Raw editions are used by over 2,000 customers, including Airbus, Adobe, NASA, Siemens, Vodafone, and others.

The four vulnerabilities, which consist of two Critical and two Medium severity bugs, are as follows –

• A code injection flaw in watolib’s auth.php (CVSS score: 9.1)
• An arbitrary file read flaw in NagVis (CVSS score: 9.1)
• A command injection flaw Checkmk’s Livestatus wrapper and Python API (CVSS score: 6.8), and
• A server-side request forgery (SSRF) flaw in the host registration API (CVSS score: 5.0)

While these shortcomings on their own have a limited impact, an adversary can chain the issues, starting with the SSRF flaw to access an endpoint only reachable from localhost, using it to bypass authentication and read a configuration file, ultimately gaining access to the Checkmk GUI.

ALSO, READ US Rolls Out Voluntary Cybersecurity Goals

“This access can further be turned into remote code execution by exploiting a Code Injection vulnerability in a Checkmk GUI subcomponent called watolib, which generates a file named auth.php required for the NagVis integration,” Schiller explained.

Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software

ALSO, READ Types Of Cybercrime And Protective Measures Against Them (2022)

Following responsible disclosure on August 22, 2022, the four vulnerabilities have been patched in Checkmk version 2.1.0p12 released on September 15, 2022.

The findings follow the discovery of multiple flaws in other monitoring solutions like Zabbix and Icinga since the start of the year, which could have been exploited to compromise the servers by running arbitrary code.

CYBERINFORMER.NET –  brings updates on the latest cyber security tips, online safety tips and cyber information, cyber security courses for Nigerians and Foreigners, Cyber security jobs for seekers and much more…

Here, you can read and share thoughts, ideas, and opinions and get updates from around the globe in the world of CYBERSECURITY.