Werk 16845 was adapted. The following is the new Werk, a diff is shown at the end of the
message.
[//]: # (werk v2)
# reserved
key | value
---------- | ---
date | 2024-07-01T14:23:18+00:00
version | 2.3.0p8
class | fix
edition | cre
component | checks
level | 2
compatible | yes
reserved
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
- # fix a privilege escalation vulnerability in the Checkmk Windows Agent
+ # reserved
key | value
---------- | ---
date | 2024-07-01T14:23:18+00:00
version | 2.3.0p8
- class | security
? ^^^^^ ^^
+ class | fix
? ^ ^
edition | cre
component | checks
level | 2
compatible | yes
+ reserved
- This Werk fixes a privilege escalation vulnerability in the Checkmk Windows
- Agent.
- Prior to this Werk, it was possible for authenticated users on the monitored
- Windows host to execute commands as administrator account that is used to run
- the Agent, allowing them to elevate their privileges.
- The reason for this issue were excessive write permissions on the
- `ProgramData\checkmk\agent` directory.
-
- Note that you must update Checkmk as well as the agent in order to apply this
- fix.
-
- This issue was found in a commissioned penetration test conducted by modzero
- GmbH.
-
- *Affected Versions*:
-
- * 2.3.0
- * 2.2.0
- * 2.1.0
-
- *Mitigations*:
-
- If updating is not possible, you can manually remove write access for non-admin
- users on the `ProgramData\checkmk\agent` folder.
- To do this, navigate to the folder's property settings and make sure to verify
- the special permissions and advanced permission settings in addition to the
- basic permission settings.
-
- *Vulnerability Management*:
-
- We have rated the issue with a CVSS Score of 8.8 High
(`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`)
- and assigned `CVE-2024-28827`.
-
Show replies by date