CVE-2024-6572 Vulnerability Details

  /     /     /  

CVE-2024-6572 Metadata Quick Info

CVE Published: 09/09/2024 | CVE Updated: 09/09/2024 | CVE Year: 2024
Source: Checkmk | Vendor: Checkmk GmbH | Product: Checkmk
Status : PUBLISHED

---

CVE-2024-6572 Description

Improper host key checking in active check \'Check SFTP Service\' and special agent \'VNX quotas and filesystem\' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-322
CWE Name: CWE-322: Key Exchange without Entity Authentication
Source: Checkmk GmbH

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-94
CAPEC Description: CAPEC-94: Adversary in the Middle (AiTM)


Source: NVD (National Vulnerability Database).