CVE-2024-13723

Published: Feb 4, 2025Modified: Nov 3, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (7)

https://checkmk.com/werks?version=2.3.0p10

Source: bbf0bd87-ece2-41be-b873-96928ee8fab9

https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt

Source: bbf0bd87-ece2-41be-b873-96928ee8fab9

https://www.nagvis.org/downloads/changelog/1.9.42

Source: bbf0bd87-ece2-41be-b873-96928ee8fab9

http://seclists.org/fulldisclosure/2025/Feb/4

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/02/04/4

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/05/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.