cve-2024-3367
Vulnerability from cvelistv5
Published
2024-04-16 11:59
Modified
2024-08-26 09:48
Severity ?
EPSS score ?
Summary
Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@checkmk.com | https://checkmk.com/werk/16615 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://checkmk.com/werk/16615 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Checkmk GmbH | Checkmk |
Version: 2.3.0 ≤ Version: 2.2.0 ≤ Version: 2.1.0 ≤ Version: 2.0.0 ≤ 2.0.0p39 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:checkmk:checkmk:2.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "checkmk",
"vendor": "checkmk",
"versions": [
{
"lessThan": "2.0.0p39",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkmk:checkmk:2.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "checkmk",
"vendor": "checkmk",
"versions": [
{
"lessThan": "2.1.0p99",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "checkmk",
"vendor": "checkmk",
"versions": [
{
"lessThan": "2.2.0p26",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "checkmk",
"vendor": "checkmk",
"versions": [
{
"lessThan": "2.3.0b5",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-24T14:21:12.926526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T20:39:25.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/16615"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "2.3.0b5",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThan": "2.2.0p26",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThan": "2.1.0p99",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.0p39",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, \u003c2.2.0p26 and \u003c2.3.0b5 allows local attacker to inject one argument to runmqsc"
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6: Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T09:48:37.438Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/16615"
}
],
"title": "Argument injection to runmqsc"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2024-3367",
"datePublished": "2024-04-16T11:59:43.845Z",
"dateReserved": "2024-04-05T08:38:32.436Z",
"dateUpdated": "2024-08-26T09:48:37.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-3367\",\"sourceIdentifier\":\"security@checkmk.com\",\"published\":\"2024-04-16T12:15:10.463\",\"lastModified\":\"2024-12-05T14:28:32.407\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, \u003c2.2.0p26 and \u003c2.3.0b5 allows local attacker to inject one argument to runmqsc\"},{\"lang\":\"es\",\"value\":\"La inyecci\u00f3n de argumentos en el complemento del agente websphere_mq en Checkmk 2.0.0, 2.1.0, \u0026lt;2.2.0p25 y \u0026lt;2.3.0b5 permite a un atacante local inyectar un argumento para ejecutar mqsc\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@checkmk.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@checkmk.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.0\",\"matchCriteriaId\":\"C59985CE-68DF-433D-87BD-97EDCA81E039\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A6AED3C-E447-429C-A028-B100CD51AB7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C66704F1-0B5E-4B43-8748-987022F378F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B068974F-6F67-4CBB-B567-FCED86E28F22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA70F36A-EEF6-48DC-B15E-055D0DE8A052\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2017F38-38DB-4E96-B34F-160BC731CBBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*\",\"matchCriteriaId\":\"0949F399-371B-409C-AF9F-32690D881440\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*\",\"matchCriteriaId\":\"42E1E31A-B5CC-45F2-A2E5-3EEF735499BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B364FCA-500C-458E-B997-82CD0B1D24F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B32E657-917B-482B-B6A4-3D3746992A4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*\",\"matchCriteriaId\":\"2119C732-E024-4DA6-8E47-9E08E5E12602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F0B99A8-A124-43BD-B8AA-EECC9112346F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FB7221E-BE9F-4529-8E07-8AD547FA3208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"30A074AD-9499-46E3-AB67-D6CEE3AA01C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8BD0240-A22B-4273-BD47-C35A8C12E127\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAA5680F-1DD0-48AA-BB7F-15B27365F0FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC2F31CA-D4EB-44E6-9A09-5255D33F4A88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD80BD69-20C6-4E17-B165-98689179A5A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"B044D43B-0233-4A0D-A356-B9F9324E2777\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DE79896-EBE5-42F2-A126-2A871BBA1071\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*\",\"matchCriteriaId\":\"51A44E69-EEA1-4B01-B7B3-5BF7B39819E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCB65AEB-CF52-410B-92B1-2DCFB914FFA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7E17FA6-9011-489C-9FA9-368CA2D86FAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BCEB6FF-668F-4313-9264-0BF021AFC45F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B27218-A4FF-47BE-B578-6DB704478921\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*\",\"matchCriteriaId\":\"8735357F-16A7-4408-9DDD-1C6796BADBE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*\",\"matchCriteriaId\":\"4505098C-0A2B-481E-A3DF-D6DF8EFA4DE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*\",\"matchCriteriaId\":\"C12AFCCF-014E-4EEB-8F04-F1ACE182BA98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:*\",\"matchCriteriaId\":\"66B85557-D5EC-4AF4-B97A-D2B80A58B3B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:*\",\"matchCriteriaId\":\"233ECD21-FA72-43AF-8E4C-DAC27CC18F3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2342E2D-58B0-43E7-8C01-DF4678520F39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1871B646-CA69-477F-B113-B901AC7B3934\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEC65A72-CAE1-4E28-83EF-7ECAFE921BB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8FDECBC-8213-495F-A932-C4310F7C1F87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB49BC95-6AA8-4F53-A3D6-E199BF756AAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"050B6617-8FD4-47A6-BE4A-A52503A65812\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CA0FEC5-7036-47AF-A341-873B6C324B58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A020A77-7D84-4557-9B0B-D74A89BC1538\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:b2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9770554-978B-4552-9E0E-CD6B6675243C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:b3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1883D2F4-CB96-4DDE-87E8-D1990A3FA092\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkmk:checkmk:2.3.0:b4:*:*:*:*:*:*\",\"matchCriteriaId\":\"99AD6F39-AF67-4CB9-BED2-00CA75B9F5DB\"}]}]}],\"references\":[{\"url\":\"https://checkmk.com/werk/16615\",\"source\":\"security@checkmk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://checkmk.com/werk/16615\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.