CVE-2022-46302

HIGH

Apache - Remote Code Execution

Title source: llm

Description

Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host.

References (1)

[Mitigation, Vendor Advisory] https://checkmk.com/werk/14281

Scores

CVSS v3 8.8

EPSS 0.0179

EPSS Percentile 82.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-829

Status published

Products (2)

checkmk/checkmk 1.6.0 (36 CPE variants)

checkmk/checkmk 2.0.0 (14 CPE variants)

Published Apr 20, 2023

Tracked Since Feb 18, 2026