Man-in-the-Middle Attack on SFTP Service Allows Interception of Traffic
CVE-2024-6572

Currently unrated

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 9 September 2024

🔔 Create Checkmk Gmbh Vulnerability Alert

What is CVE-2024-6572?

Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic

Affected Version(s)

Checkmk 2.3.0 < 2.3.0p15

Checkmk 2.2.0 < 2.2.0p33

Checkmk 2.1.0 < 2.1.0p48

References

https://checkmk.com/werk/17148

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2024
Vulnerability Reserved
Jul 8, 2024