Researchers at code security firm Sonar Source have shared details on multiple Checkmk vulnerabilities that could be chained together to execute code remotely, without authentication.
Checkmk, an IT infrastructure monitoring solution created in Python and C++, enables businesses to keep an eye on servers, containers, cloud infrastructure, networks, databases, and other assets through a single web interface. The business has discovered four vulnerabilities in Checkmk and its integration with NagVis, including two with a severity rating of “critical” (CVSS score of 9.1).
Also Read: Top Four Implementation Impediments for Password less Authentication
According to Sonar Source, an unauthenticated, remote attacker “can be chained together by these security flaws to completely take control of the server running a vulnerable version of Checkmk.”
Read More: Checkmk Vulnerabilities Can Be Chained for Remote Code Execution
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
