CVE-2024-13723

Summary

The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.

Affected Software

VendorProductVersion RangeStatus
CheckmkNagVisNagVis 1.9.40 < 1.9.42affected
CheckmkNagVisCheckmk 2.3.0p2 < 2.3.0p10affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References