Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers.
“These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server running Checkmk version 2.1.0p10 and lower,” SonarSource researcher Stefan Schiller said in a technical analysis.
Checkmk’s open source edition of the monitoring tool is based on Nagios Core and offers integrations with NagVis for the visualization and generation of topological maps of infrastructures, servers, ports, and processes.
According to its Munich-based developer tribe29 GmbH, its Enterprise and Raw editions are used by over 2,000 customers, including Airbus, Adobe, NASA, Siemens, Vodafone, and others.