Werk 16845 was adapted. The following is the new Werk, a diff is shown at the end of the
message.
[//]: # (werk v2)
# fix a privilege escalation vulnerability in the Checkmk Windows Agent
key | value
---------- | ---
date | 2024-07-01T14:23:18+00:00
version | 2.3.0p8
class | security
edition | cre
component | checks
level | 2
compatible | yes
This Werk fixes a privilege escalation vulnerability in the Checkmk Windows
Agent.
Prior to this Werk, it was possible for authenticated users on the monitored
Windows host to execute commands as administrator account that is used to run
the Agent, allowing them to elevate their privileges.
The reason for this issue were excessive write permissions on the
`ProgramData\checkmk\agent` directory.
Note that you must update Checkmk as well as the agent in order to apply this
fix.
This issue was found in a commissioned penetration test conducted by modzero
GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
*Mitigations*:
If updating is not possible, you can manually remove write access for non-admin
users on the `ProgramData\checkmk\agent` folder.
To do this, navigate to the folder's property settings and make sure to verify
the special permissions and advanced permission settings in addition to the
basic permission settings.
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High
(`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`)
and assigned `CVE-2024-28827`.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
- # reserved
+ # fix a privilege escalation vulnerability in the Checkmk Windows Agent
key | value
---------- | ---
date | 2024-07-01T14:23:18+00:00
version | 2.3.0p8
- class | fix
? ^ ^
+ class | security
? ^^^^^ ^^
edition | cre
component | checks
level | 2
compatible | yes
- reserved
+ This Werk fixes a privilege escalation vulnerability in the Checkmk Windows
+ Agent.
+ Prior to this Werk, it was possible for authenticated users on the monitored
+ Windows host to execute commands as administrator account that is used to run
+ the Agent, allowing them to elevate their privileges.
+ The reason for this issue were excessive write permissions on the
+ `ProgramData\checkmk\agent` directory.
+
+ Note that you must update Checkmk as well as the agent in order to apply this
+ fix.
+
+ This issue was found in a commissioned penetration test conducted by modzero
+ GmbH.
+
+ *Affected Versions*:
+
+ * 2.3.0
+ * 2.2.0
+ * 2.1.0
+
+ *Mitigations*:
+
+ If updating is not possible, you can manually remove write access for non-admin
+ users on the `ProgramData\checkmk\agent` folder.
+ To do this, navigate to the folder's property settings and make sure to verify
+ the special permissions and advanced permission settings in addition to the
+ basic permission settings.
+
+ *Vulnerability Management*:
+
+ We have rated the issue with a CVSS Score of 8.8 High
(`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`)
+ and assigned `CVE-2024-28827`.
+
Show replies by date