CVE-2014-5339

Severity

49%

Complexity

68%

Confidentiality

81%

Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.

Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:P).

Overview

Type

Check_MK Project Check_MK

First reported 10 years ago

2014-09-02 14:55:00

Last updated 6 years ago

2018-10-09 19:50:00

Affected Software

Check_MK Project Check_MK 1.2.4

1.2.4

Check_MK Project Check_MK 1.2.4p1

1.2.4

Check_MK Project Check_MK 1.2.4p2

1.2.4

Check_MK Project Check_MK 1.2.5i1

1.2.5

Check_MK Project Check_MK 1.2.5i2

1.2.5

Check_MK Project Check_MK 1.2.5i3

1.2.5

References

http://mathias-kettner.de/check_mk_werks.php?werk_id=983

Patch, Vendor Advisory

http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.html

RHSA-2015:1495

20140820 Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.