What is CVE-2020-24908?

CVE-2020-24908 is a vulnerability in Checkmk before 1.6.0p17 that allows local users to obtain SYSTEM privileges via a Trojan horse shell script in a specific directory.

What is the severity of CVE-2020-24908?

The severity of CVE-2020-24908 is high with a CVSS score of 7.8.

How does CVE-2020-24908 affect Checkmk?

CVE-2020-24908 affects Checkmk versions before 1.6.0p17.

How can local users exploit CVE-2020-24908?

Local users can exploit CVE-2020-24908 by placing a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.

Is there a fix available for CVE-2020-24908?

Yes, the fix for CVE-2020-24908 is included in Checkmk version 1.6.0p17.

Vulnerability/
CVE-2020-24908

high

7.8

19/2/2021

4/8/2024

CVE-2020-24908

First published: Fri Feb 19 2021(Updated: )

Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Checkmk NagVis	<1.6.0
Checkmk NagVis	=1.6.0
Checkmk NagVis	=1.6.0-p1
Checkmk NagVis	=1.6.0-p10
Checkmk NagVis	=1.6.0-p11
Checkmk NagVis	=1.6.0-p12
Checkmk NagVis	=1.6.0-p13
Checkmk NagVis	=1.6.0-p14
Checkmk NagVis	=1.6.0-p15
Checkmk NagVis	=1.6.0-p16
Checkmk NagVis	=1.6.0-p2
Checkmk NagVis	=1.6.0-p3
Checkmk NagVis	=1.6.0-p4
Checkmk NagVis	=1.6.0-p5
Checkmk NagVis	=1.6.0-p6
Checkmk NagVis	=1.6.0-p7
Checkmk NagVis	=1.6.0-p8
Checkmk NagVis	=1.6.0-p9
Checkmk NagVis	<1.6.0
Checkmk NagVis	=1.6.0
Checkmk NagVis	=1.6.0-p1
Checkmk NagVis	=1.6.0-p10
Checkmk NagVis	=1.6.0-p11
Checkmk NagVis	=1.6.0-p12
Checkmk NagVis	=1.6.0-p13
Checkmk NagVis	=1.6.0-p14
Checkmk NagVis	=1.6.0-p15
Checkmk NagVis	=1.6.0-p16
Checkmk NagVis	=1.6.0-p2
Checkmk NagVis	=1.6.0-p3
Checkmk NagVis	=1.6.0-p4
Checkmk NagVis	=1.6.0-p5
Checkmk NagVis	=1.6.0-p6
Checkmk NagVis	=1.6.0-p7
Checkmk NagVis	=1.6.0-p8
Checkmk NagVis	=1.6.0-p9

Never miss a vulnerability like this again

Reference Links

https://compass-security.com/fileadmin/Research/Advisories/2020-05_CSNC-2020-005_Checkmk_Local_Privilege_Escalation.txt

Frequently Asked Questions

What is CVE-2020-24908?
CVE-2020-24908 is a vulnerability in Checkmk before 1.6.0p17 that allows local users to obtain SYSTEM privileges via a Trojan horse shell script in a specific directory.
What is the severity of CVE-2020-24908?
The severity of CVE-2020-24908 is high with a CVSS score of 7.8.
How does CVE-2020-24908 affect Checkmk?
CVE-2020-24908 affects Checkmk versions before 1.6.0p17.
How can local users exploit CVE-2020-24908?
Local users can exploit CVE-2020-24908 by placing a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
Is there a fix available for CVE-2020-24908?
Yes, the fix for CVE-2020-24908 is included in Checkmk version 1.6.0p17.

agent/type
agent/severity
agent/author
agent/references
agent/description
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/tribe29
canonical/checkmk nagvis
version/checkmk nagvis/1.6.0
version/checkmk nagvis/1.6.0-p1
version/checkmk nagvis/1.6.0-p10
version/checkmk nagvis/1.6.0-p11
version/checkmk nagvis/1.6.0-p12
version/checkmk nagvis/1.6.0-p13
version/checkmk nagvis/1.6.0-p14
version/checkmk nagvis/1.6.0-p15
version/checkmk nagvis/1.6.0-p16
version/checkmk nagvis/1.6.0-p2
version/checkmk nagvis/1.6.0-p3
version/checkmk nagvis/1.6.0-p4
version/checkmk nagvis/1.6.0-p5
version/checkmk nagvis/1.6.0-p6
version/checkmk nagvis/1.6.0-p7
version/checkmk nagvis/1.6.0-p8
version/checkmk nagvis/1.6.0-p9
vendor/checkmk