CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software

admin by admin
November 2, 2022
in Information Security


Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers.

“These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server running Checkmk version 2.1.0p10 and lower,” SonarSource researcher Stefan Schiller said in a technical analysis.

Checkmk’s open source edition of the monitoring tool is based on Nagios Core and offers integrations with NagVis for the visualization and generation of topological maps of infrastructures, servers, ports, and processes.

According to its Munich-based developer tribe29 GmbH, its Enterprise and Raw editions are used by over 2,000 customers, including Airbus, Adobe, NASA, Siemens, Vodafone, and others.

Checkmk IT Infrastructure Monitoring Software

The four vulnerabilities, which consist of two Critical and two Medium severity bugs, are as follows –

While these shortcomings on their own have a limited impact, an adversary can chain the issues, starting with the SSRF flaw to access an endpoint only reachable from localhost, using it to bypass authentication and read a configuration file, ultimately gaining access to the Checkmk GUI.

CyberSecurity

“This access can further be turned into remote code execution by exploiting a Code Injection vulnerability in a Checkmk GUI subcomponent called watolib, which generates a file named auth.php required for the NagVis integration,” Schiller explained.

Following responsible disclosure on August 22, 2022, the four vulnerabilities have been patched in Checkmk version 2.1.0p12 released on September 15, 2022.

The findings follow the discovery of multiple flaws in other monitoring solutions like Zabbix and Icinga since the start of the year, which could have been exploited to compromise the servers by running arbitrary code.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Export historical Security Hub findings to an S3 bucket to enable complex analytics

Next Post

Initiatetalentgrowth ~ Future of CIO

Related Posts

Information Security

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

by admin
March 24, 2023
Information Security

Automate the deployment of an NGINX web service using Amazon ECS with TLS offload in CloudHSM

by admin
March 24, 2023
Information Security

AV-Comparatives Anti-Phishing Test | Avast

by admin
March 24, 2023
Information Security

Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

by admin
March 23, 2023
Information Security

New Instagram scam uses fake SHEIN gift cards as lure

by admin
March 23, 2023
Next Post

Initiatetalentgrowth ~ Future of CIO

Recommended

Illuminatesilience

March 25, 2023

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

March 24, 2023

Automate the deployment of an NGINX web service using Amazon ECS with TLS offload in CloudHSM

March 24, 2023

AV-Comparatives Anti-Phishing Test | Avast

March 24, 2023

Innateniche

March 24, 2023

The Importance of Sustainable Technology

March 23, 2023

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.