Privilege escalation in agent via LD_LIBRARY_PATH
CVE-2023-31210

8.8HIGH

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 13 December 2023

What is CVE-2023-31210?

The Checkmk agent from versions 2.2.0p10 to 2.2.0p16 is vulnerable due to improper handling of the LD_LIBRARY_PATH environment variable. This flaw allows malicious users to inject malicious libraries, enabling privilege escalation and potential unauthorized access to system resources. Users utilizing these versions should take immediate action to remediate this vulnerability to safeguard their systems.

Affected Version(s)

Checkmk 2.2.0p10 < 2.2.0p17

References

https://checkmk.com/werk/16226

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Apr 25, 2023

Credit

We thank Jan-Philipp Litza for reporting this issue.

Checkmk Gmbh

What is CVE-2023-31210?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit