CVE-2024-47091

Summary

Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.

Affected Software

VendorProductVersion RangeStatus
Checkmk GmbHCheckmk2.4.0 < 2.4.0p29affected
Checkmk GmbHCheckmk2.3.0 < 2.3.0p47affected
Checkmk GmbHCheckmk2.2.0affected

Weaknesses

  • CWE-427: CWE-427 Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References