CVE-2022-46302
high-risk
Published 2023-04-20
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL), allowing an attacker to perform remote code execution with root privileges on the underlying host.
Do I need to act?
EPSS score: 1.2% chance of exploitation in next 30 days (moderate exploit probability)
CISA KEV: not on the list; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 8.8/10 (High), LOCAL / LOW complexity
Affected Products (20)
Affected Vendors
References (2)
Mitigation
https://checkmk.com/werk/14281
59 / 100 · high-risk
Severity: 27/34 · High
Exploitability: 3/34 · Minimal
Exposure: 29/34 · Critical