CVE-2024-3367 - OpenCVE

Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://checkmk.com/werk/16615

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Checkmk

Published: 2024-04-16T11:59:43.845Z

Updated: 2024-06-13T20:39:25.120Z

Reserved: 2024-04-05T08:38:32.436Z

Link: CVE-2024-3367

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-04-16T12:15:10.463

Modified: 2024-04-24T12:15:07.093

Link: CVE-2024-3367

JSON object: View

Redhat Information

No data.

CWE

CWE-349

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3367", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2024-04-05T08:38:32.436Z", "datePublished": "2024-04-16T11:59:43.845Z", "dateUpdated": "2024-06-13T20:39:25.120Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.3.0b5", "status": "affected", "version": "2.3.0", "versionType": "semver"}, {"lessThan": "2.2.0p26", "status": "affected", "version": "2.2.0", "versionType": "semver"}, {"lessThan": "2.1.0p99", "status": "affected", "version": "2.1.0", "versionType": "semver"}, {"lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc"}], "impacts": [{"capecId": "CAPEC-6", "descriptions": [{"lang": "en", "value": "CAPEC-6: Argument Injection"}]}], "metrics": [{"cvssV3_1": {"baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-349", "description": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2024-04-24T11:25:07.119Z"}, "references": [{"url": "https://checkmk.com/werk/16615"}], "title": "Argument injection to runmqsc"}, "adp": [{"affected": [{"vendor": "checkmk", "product": "checkmk", "cpes": ["cpe:2.3:a:checkmk:checkmk:2.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.0.0", "status": "affected", "lessThan": "2.0.0p39", "versionType": "semver"}]}, {"vendor": "checkmk", "product": "checkmk", "cpes": ["cpe:2.3:a:checkmk:checkmk:2.1.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.1.0", "status": "affected", "lessThan": "2.1.0p99", "versionType": "semver"}]}, {"vendor": "checkmk", "product": "checkmk", "cpes": ["cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.2.0", "status": "affected", "lessThan": "2.2.0p26", "versionType": "semver"}]}, {"vendor": "checkmk", "product": "checkmk", "cpes": ["cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.3.0", "status": "affected", "lessThan": "2.3.0b5", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-24T14:21:12.926526Z", "id": "CVE-2024-3367", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T20:39:25.120Z"}}]}}