A high-risk vulnerability, identified as CVE-2024-0638, has been detected in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs. This vulnerability allows local users to escalate privileges on systems running affected versions of Checkmk.
The vulnerability arises from a least privilege violation, where elevated privilege levels required for certain operations are not properly dropped after execution. As a result, local users can exploit this flaw to gain elevated privileges on vulnerable systems.
With a CVSS base score of 8.2, denoting high severity, and an EPSS prediction indicating a non-trivial probability of exploitation activity in the near future, immediate action is necessary to mitigate this risk. The impact of this vulnerability includes unauthorized access, data manipulation, and potential system compromise.
Affected versions of Checkmk include those before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41, and 2.0.0 (EOL). Organizations utilizing these versions are strongly advised to update to patched versions or apply relevant security fixes to remediate the vulnerability.
Mitigation strategies also include reviewing access controls and restricting privileges for local users to minimize the risk of exploitation. Additionally, monitoring for any unusual activity or unauthorized access attempts can help detect and respond to potential threats promptly.
Failure to address this vulnerability promptly could lead to severe consequences, including unauthorized access to sensitive data, system compromise, and reputational damage. By prioritizing security updates and implementing proactive measures, organizations can safeguard their systems against the risk posed by CVE-2024-0638.
