Werk #16845: fix a privilege escalation vulnerability in the Checkmk Windows Agent
Component | Checks & agents
Title | fix a privilege escalation vulnerability in the Checkmk Windows Agent
Date | 01.07.2024
Level | Prominent Change
Class | Security Fix
Compatibility | Compatible - no manual interaction needed
Checkmk versions & editions |
This Werk fixes a privilege escalation vulnerability in the Checkmk Windows Agent.
Prior to this Werk, it was possible for authenticated users on the monitored
Windows host to execute commands as the administrator account that is used to run
the Agent, allowing them to elevate their privileges.
The cause of this issue was excessive write permissions on the ProgramData\checkmk\agent directory.
Note that you must update Checkmk as well as the agent in order to apply this fix.
This issue was found in a commissioned penetration test conducted by modzero GmbH.
Affected Versions:
- 2.3.0
- 2.2.0
- 2.1.0
Mitigations:
If updating is not possible, you can manually remove write access for non-admin
users on the ProgramData\checkmk\agent folder.
To do this, navigate to the folder's property settings and make sure to verify
the special permissions and advanced permission settings in addition to the
basic permission settings.
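To confirm the result of this manual mitigation, the following read-only audit lists every Allow entry on the folder that still grants a write-capable right to a non-administrative identity, including the special and generic rights that the basic permissions view hides. It is an added example, not part of the Werk or of Checkmk's tooling; the `%ProgramData%` base path and the list of SIDs treated as administrative are assumptions to adjust locally.

```powershell
# Added example: audit ProgramData\checkmk\agent for write-capable ACEs held by
# non-administrative principals. Read-only; it does not change any permission.
param(
    # Assumption: the agent data directory lives under %ProgramData%.
    [string]$Path = (Join-Path $env:ProgramData 'checkmk\agent')
)

# Well-known SIDs treated as administrative (assumption: extend per local policy).
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Rights that allow creating, modifying or deleting content, or rewriting the ACL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights](
    'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, ' +
    'Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')

# Inherit-only ACEs can carry raw generic rights that have no enum name:
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$genericMask = 0x40000000 -bor 0x10000000

$acl = Get-Acl -LiteralPath $Path
$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }

    # Compare by SID so localized account names do not cause false results.
    $sid = $ace.IdentityReference.Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
    if ($trustedSids -contains $sid) { continue }

    $raw = [int]$ace.FileSystemRights
    if (($raw -band ($writeMask -bor $genericMask)) -eq 0) { continue }

    [pscustomobject]@{
        Identity  = $ace.IdentityReference.Value
        Sid       = $sid
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
        AppliesTo = "$($ace.InheritanceFlags) / $($ace.PropagationFlags)"
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
    Write-Warning "Non-admin write access remains on $Path"
    exit 1
}
Write-Output "No non-admin write-capable ACEs found on $Path"
```

Entries reported with `Inherited = True` come from a parent folder, so removing them requires changing inheritance on the agent folder rather than deleting the entry there.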
Vulnerability Management:
We have rated the issue with a CVSS Score of 8.8 High (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
and assigned CVE-2024-28827.