CVE-2022-48321

Published: 20/02/2023 Updated: 09/01/2024
CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows a malicious user to communicate with local network restricted endpoints by use of the host registration API.

Vulnerable Product

tribe29 checkmk 2.1.0

Github Repositories

Unauthenticated Arbitrary File Deletion by abusing Livestatus Query Language Injection in Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL)

CVE-2022-47909 - Unauthenticated Arbitrary File Deletion. This exploit abuses two CVEs in Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) to achieve unauthenticated arbitrary file deletion. CVE-2022-48321 - An SSRF vulnerability in the Agent_Receiver endpoint of the CheckMK software. By abusing the vulnerable /register_with_hostna

unauthenticated (2.1.0 - 2.1.0.p11) / authenticated (<2.1.0p12) RCE exploit for Checkmk.

checkmk-race: unauthenticated (2.1.0 - 2.1.0.p11) / authenticated (<2.1.0p12) RCE exploit for Checkmk. SSRF---------->LQL Injection--->Arb File Deletion--->Race Condition--->Arb File Read--->Code Injection == Win! CVE-2022-48321 CVE-2022-46836