CVE-2021-40904

moderate-risk
Published 2022-03-25

The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator.

Do I need to act?

!
19.1% chance of exploitation in next 30 days
EPSS score — higher than 81% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Checkmk

References (4)

Product http://checkmk.com
Exploit https://github.com/Edgarloyola/CVE-2021-40904
Product http://checkmk.com
Exploit https://github.com/Edgarloyola/CVE-2021-40904
49
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 14/34 · Moderate
Exposure 5/34 · Minimal