CVE-2024-6572

Summary

Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic

Affected Software

VendorProductVersion RangeStatus
Checkmk GmbHCheckmk2.3.0 < 2.3.0p15affected
Checkmk GmbHCheckmk2.2.0 < 2.2.0p33affected
Checkmk GmbHCheckmk2.1.0 < 2.1.0p48affected
Checkmk GmbHCheckmk2.0.0 <= 2.0.0p39affected

Weaknesses

  • CWE-322: CWE-322: Key Exchange without Entity Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References