Man-in-the-Middle Attack on SFTP Service Allows Interception of Traffic
CVE-2024-6572

Currently unrated

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 9 September 2024

Summary

Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic

Affected Version(s)

Checkmk 2.3.0 < 2.3.0p15

Checkmk 2.2.0 < 2.2.0p33

Checkmk 2.1.0 < 2.1.0p48

References

https://checkmk.com/werk/17148

Timeline

Vulnerability published
Sep 9, 2024
Vulnerability Reserved
Jul 8, 2024