CVE-2017-14955
Last modified
CVE-2017-14955 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. EPSS estimates a 12.13% chance of exploitation in the next 30 days.
Description
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Checkmk | Checkmk | 1.2.3 | I6 |
| Checkmk | Checkmk | 1.2.4 | B1 |
| Checkmk | Checkmk | 1.2.5 | I1 |
| Checkmk | Checkmk | 1.2.6 | B1 |
| Checkmk | Checkmk | 1.2.7 | I1 |
| Checkmk | Checkmk | 1.2.8 | P18 |
References
- http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8 (Release Notes, Third Party Advisory)
- https://mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yes (Third Party Advisory)
- https://www.exploit-db.com/exploits/43021/ (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
