Dear Community,

We have been made aware of a vulnerability [1] in the MikroTik package [2] on the Checkmk Exchange.

The plugin does not verify TLS certificates when connecting to monitored devices. This means that a potential attacker able to intercept communication (MitM) can eavesdrop on or manipulate the data being transmitted. This may lead to exposure of confidential information, such as router credentials.

We have added a warning to the package description. The warning will be removed when a fix is available, though we cannot confirm a timeline for this.

Please note: Checkmk GmbH does not maintain Exchange packages, and notifications like this are offered on a best-effort basis.

Safe monitoring,
Your Checkmk Team.

[1] https://www.cve.org/CVERecord?id=CVE-2024-38861
[2] https://exchange.checkmk.com/p/mikrotik