Dear Community,
We have been made aware of a vulnerability [1] in the MikroTik package [2]
on the Checkmk Exchange.
The plugin does not verify TLS certificates when connecting to monitored
devices. This means that a potential attacker able to intercept
communication (MitM) can eavesdrop on or manipulate the data being
transmitted. This may lead to exposure of confidential information, such as
router credentials.
We have added a warning to the package description. The warning will be
removed when a fix is available, though we cannot confirm a timeline for
this.
Please note: Checkmk GmbH does not maintain Exchange packages, and
notifications like this are offered on a best-effort basis.
Safe monitoring,
Your Checkmk Team.
[1] https://www.cve.org/CVERecord?id=CVE-2024-38861
[2] https://exchange.checkmk.com/p/mikrotik
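
Added example, not part of the advisory and not the package's own code: a small static check that flags the common ways Python client code switches off TLS certificate verification, which can be run over plugin source before deployment. It assumes the plugin is written in Python; the sample source, the function names and the /status URL are constructed for illustration.

```python
import ast

# Constructed sample source (not the MikroTik package's code): a device
# client with verification switched off, next to a variant that pins a CA.
SAMPLE_PLUGIN = '''
import ssl, requests

def fetch(host, user, password):
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return requests.get(f"https://{host}/status",
                        auth=(user, password), verify=False)

def fetch_ok(host, user, password, ca_file):
    return requests.get(f"https://{host}/status",
                        auth=(user, password), verify=ca_file)
'''

def _name(node):
    """Last component of a Name or Attribute node, else ''."""
    return getattr(node, "attr", getattr(node, "id", ""))

def _is_false(node):
    return isinstance(node, ast.Constant) and node.value is False

def find_disabled_tls_verification(source, filename="<plugin>"):
    """Return sorted (line, reason) pairs for constructs that disable TLS checks."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            if _name(node.func) == "_create_unverified_context":
                findings.append((node.lineno, "ssl._create_unverified_context()"))
            for kw in node.keywords:  # requests-style keyword argument
                if kw.arg == "verify" and _is_false(kw.value):
                    findings.append((kw.value.lineno, "verify=False"))
        elif isinstance(node, ast.Assign):
            for target in node.targets:
                if not isinstance(target, ast.Attribute):
                    continue
                if target.attr == "check_hostname" and _is_false(node.value):
                    findings.append((node.lineno, "check_hostname = False"))
                if target.attr == "verify_mode" and _name(node.value) == "CERT_NONE":
                    findings.append((node.lineno, "verify_mode = CERT_NONE"))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in find_disabled_tls_verification(SAMPLE_PLUGIN):
        print(f"<plugin>:{line}: {reason}")
```

A clean result only means none of these literal patterns appear; verification can also be disabled through configuration or wrapper libraries that this check does not follow.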