CVE-2024-28824

HIGH

Checkmk <2.3.0b4-2.0.0 - Privilege Escalation

Title source: llm

Description

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.

References (1)

[Vendor Advisory] https://checkmk.com/werk/16198

Scores

CVSS v3 8.8

EPSS 0.0009

EPSS Percentile 25.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-807 CWE-272

Status published

Products (1)

checkmk/checkmk 2.1.0 (50 CPE variants)

Published Mar 22, 2024

Tracked Since Feb 18, 2026