What is the severity of CVE-2024-28827?

CVE-2024-28827 has a high severity rating due to its potential to allow local attackers to gain SYSTEM privileges.

How do I fix CVE-2024-28827?

To fix CVE-2024-28827, update the Checkmk Windows Agent to versions 2.3.0p8 or later, 2.2.0p29 or later, 2.1.0p45 or later, or 2.0.0p39 or later.

Who is affected by CVE-2024-28827?

CVE-2024-28827 affects Checkmk versions below 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0p39.

What type of vulnerability is CVE-2024-28827?

CVE-2024-28827 is a local privilege escalation vulnerability due to incorrect permissions.

Is there a workaround for CVE-2024-28827 until I can update?

There is no official workaround for CVE-2024-28827, so updating to a secure version is strongly recommended.

Vulnerability/
CVE-2024-28827

high

8.8

CWE

732

10/7/2024

4/12/2024

CVE-2024-28827: Privilege escalation in Windows agent

First published: Wed Jul 10 2024(Updated: )

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.

Credit: security@checkmk.com

Affected Software	Affected Version	How to fix
Checkmk NagVis	<=2.0.0
Checkmk NagVis	=2.1.0
Checkmk NagVis	=2.1.0-b1
Checkmk NagVis	=2.1.0-b2
Checkmk NagVis	=2.1.0-b3
Checkmk NagVis	=2.1.0-b4
Checkmk NagVis	=2.1.0-b5
Checkmk NagVis	=2.1.0-b6
Checkmk NagVis	=2.1.0-b7
Checkmk NagVis	=2.1.0-b8
Checkmk NagVis	=2.1.0-b9
Checkmk NagVis	=2.1.0-p1
Checkmk NagVis	=2.1.0-p10
Checkmk NagVis	=2.1.0-p11
Checkmk NagVis	=2.1.0-p12
Checkmk NagVis	=2.1.0-p13
Checkmk NagVis	=2.1.0-p14
Checkmk NagVis	=2.1.0-p15
Checkmk NagVis	=2.1.0-p16
Checkmk NagVis	=2.1.0-p17
Checkmk NagVis	=2.1.0-p18
Checkmk NagVis	=2.1.0-p19
Checkmk NagVis	=2.1.0-p2
Checkmk NagVis	=2.1.0-p20
Checkmk NagVis	=2.1.0-p21
Checkmk NagVis	=2.1.0-p22
Checkmk NagVis	=2.1.0-p23
Checkmk NagVis	=2.1.0-p24
Checkmk NagVis	=2.1.0-p25
Checkmk NagVis	=2.1.0-p26
Checkmk NagVis	=2.1.0-p27
Checkmk NagVis	=2.1.0-p28
Checkmk NagVis	=2.1.0-p29
Checkmk NagVis	=2.1.0-p3
Checkmk NagVis	=2.1.0-p30
Checkmk NagVis	=2.1.0-p31
Checkmk NagVis	=2.1.0-p32
Checkmk NagVis	=2.1.0-p33
Checkmk NagVis	=2.1.0-p34
Checkmk NagVis	=2.1.0-p35
Checkmk NagVis	=2.1.0-p36
Checkmk NagVis	=2.1.0-p37
Checkmk NagVis	=2.1.0-p38
Checkmk NagVis	=2.1.0-p39
Checkmk NagVis	=2.1.0-p4
Checkmk NagVis	=2.1.0-p40
Checkmk NagVis	=2.1.0-p41
Checkmk NagVis	=2.1.0-p42
Checkmk NagVis	=2.1.0-p43
Checkmk NagVis	=2.1.0-p44
Checkmk NagVis	=2.1.0-p5
Checkmk NagVis	=2.1.0-p6
Checkmk NagVis	=2.1.0-p7
Checkmk NagVis	=2.1.0-p8
Checkmk NagVis	=2.1.0-p9
Checkmk NagVis	=2.2.0
Checkmk NagVis	=2.2.0-b1
Checkmk NagVis	=2.2.0-b2
Checkmk NagVis	=2.2.0-b3
Checkmk NagVis	=2.2.0-b4
Checkmk NagVis	=2.2.0-b5
Checkmk NagVis	=2.2.0-b6
Checkmk NagVis	=2.2.0-b7
Checkmk NagVis	=2.2.0-b8
Checkmk NagVis	=2.2.0-i1
Checkmk NagVis	=2.2.0-p1
Checkmk NagVis	=2.2.0-p10
Checkmk NagVis	=2.2.0-p11
Checkmk NagVis	=2.2.0-p12
Checkmk NagVis	=2.2.0-p13
Checkmk NagVis	=2.2.0-p14
Checkmk NagVis	=2.2.0-p15
Checkmk NagVis	=2.2.0-p16
Checkmk NagVis	=2.2.0-p17
Checkmk NagVis	=2.2.0-p18
Checkmk NagVis	=2.2.0-p19
Checkmk NagVis	=2.2.0-p2
Checkmk NagVis	=2.2.0-p20
Checkmk NagVis	=2.2.0-p21
Checkmk NagVis	=2.2.0-p22
Checkmk NagVis	=2.2.0-p23
Checkmk NagVis	=2.2.0-p24
Checkmk NagVis	=2.2.0-p25
Checkmk NagVis	=2.2.0-p26
Checkmk NagVis	=2.2.0-p27
Checkmk NagVis	=2.2.0-p28
Checkmk NagVis	=2.2.0-p3
Checkmk NagVis	=2.2.0-p4
Checkmk NagVis	=2.2.0-p5
Checkmk NagVis	=2.2.0-p6
Checkmk NagVis	=2.2.0-p7
Checkmk NagVis	=2.2.0-p8
Checkmk NagVis	=2.2.0-p9
Checkmk NagVis	=2.3.0
Checkmk NagVis	=2.3.0-b1
Checkmk NagVis	=2.3.0-b2
Checkmk NagVis	=2.3.0-b3
Checkmk NagVis	=2.3.0-b4
Checkmk NagVis	=2.3.0-b5
Checkmk NagVis	=2.3.0-b6
Checkmk NagVis	=2.3.0-p1
Checkmk NagVis	=2.3.0-p2
Checkmk NagVis	=2.3.0-p3
Checkmk NagVis	=2.3.0-p4
Checkmk NagVis	=2.3.0-p5
Checkmk NagVis	=2.3.0-p6
Checkmk NagVis	=2.3.0-p7

Never miss a vulnerability like this again

Reference Links

https://checkmk.com/werk/16845

Frequently Asked Questions

What is the severity of CVE-2024-28827?
CVE-2024-28827 has a high severity rating due to its potential to allow local attackers to gain SYSTEM privileges.
How do I fix CVE-2024-28827?
To fix CVE-2024-28827, update the Checkmk Windows Agent to versions 2.3.0p8 or later, 2.2.0p29 or later, 2.1.0p45 or later, or 2.0.0p39 or later.
Who is affected by CVE-2024-28827?
CVE-2024-28827 affects Checkmk versions below 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0p39.
What type of vulnerability is CVE-2024-28827?
CVE-2024-28827 is a local privilege escalation vulnerability due to incorrect permissions.
Is there a workaround for CVE-2024-28827 until I can update?
There is no official workaround for CVE-2024-28827, so updating to a secure version is strongly recommended.

agent/title
agent/weakness
agent/references
agent/type
agent/description
agent/first-publish-date
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/checkmk
canonical/checkmk nagvis
version/checkmk nagvis/2.0.0
version/checkmk nagvis/2.1.0
version/checkmk nagvis/2.1.0-b1
version/checkmk nagvis/2.1.0-b2
version/checkmk nagvis/2.1.0-b3
version/checkmk nagvis/2.1.0-b4
version/checkmk nagvis/2.1.0-b5
version/checkmk nagvis/2.1.0-b6
version/checkmk nagvis/2.1.0-b7
version/checkmk nagvis/2.1.0-b8
version/checkmk nagvis/2.1.0-b9
version/checkmk nagvis/2.1.0-p1
version/checkmk nagvis/2.1.0-p10
version/checkmk nagvis/2.1.0-p11
version/checkmk nagvis/2.1.0-p12
version/checkmk nagvis/2.1.0-p13
version/checkmk nagvis/2.1.0-p14
version/checkmk nagvis/2.1.0-p15
version/checkmk nagvis/2.1.0-p16
version/checkmk nagvis/2.1.0-p17
version/checkmk nagvis/2.1.0-p18
version/checkmk nagvis/2.1.0-p19
version/checkmk nagvis/2.1.0-p2
version/checkmk nagvis/2.1.0-p20
version/checkmk nagvis/2.1.0-p21
version/checkmk nagvis/2.1.0-p22
version/checkmk nagvis/2.1.0-p23
version/checkmk nagvis/2.1.0-p24
version/checkmk nagvis/2.1.0-p25
version/checkmk nagvis/2.1.0-p26
version/checkmk nagvis/2.1.0-p27
version/checkmk nagvis/2.1.0-p28
version/checkmk nagvis/2.1.0-p29
version/checkmk nagvis/2.1.0-p3
version/checkmk nagvis/2.1.0-p30
version/checkmk nagvis/2.1.0-p31
version/checkmk nagvis/2.1.0-p32
version/checkmk nagvis/2.1.0-p33
version/checkmk nagvis/2.1.0-p34
version/checkmk nagvis/2.1.0-p35
version/checkmk nagvis/2.1.0-p36
version/checkmk nagvis/2.1.0-p37
version/checkmk nagvis/2.1.0-p38
version/checkmk nagvis/2.1.0-p39
version/checkmk nagvis/2.1.0-p4
version/checkmk nagvis/2.1.0-p40
version/checkmk nagvis/2.1.0-p41
version/checkmk nagvis/2.1.0-p42
version/checkmk nagvis/2.1.0-p43
version/checkmk nagvis/2.1.0-p44
version/checkmk nagvis/2.1.0-p5
version/checkmk nagvis/2.1.0-p6
version/checkmk nagvis/2.1.0-p7
version/checkmk nagvis/2.1.0-p8
version/checkmk nagvis/2.1.0-p9
version/checkmk nagvis/2.2.0
version/checkmk nagvis/2.2.0-b1
version/checkmk nagvis/2.2.0-b2
version/checkmk nagvis/2.2.0-b3
version/checkmk nagvis/2.2.0-b4
version/checkmk nagvis/2.2.0-b5
version/checkmk nagvis/2.2.0-b6
version/checkmk nagvis/2.2.0-b7
version/checkmk nagvis/2.2.0-b8
version/checkmk nagvis/2.2.0-i1
version/checkmk nagvis/2.2.0-p1
version/checkmk nagvis/2.2.0-p10
version/checkmk nagvis/2.2.0-p11
version/checkmk nagvis/2.2.0-p12
version/checkmk nagvis/2.2.0-p13
version/checkmk nagvis/2.2.0-p14
version/checkmk nagvis/2.2.0-p15
version/checkmk nagvis/2.2.0-p16
version/checkmk nagvis/2.2.0-p17
version/checkmk nagvis/2.2.0-p18
version/checkmk nagvis/2.2.0-p19
version/checkmk nagvis/2.2.0-p2
version/checkmk nagvis/2.2.0-p20
version/checkmk nagvis/2.2.0-p21
version/checkmk nagvis/2.2.0-p22
version/checkmk nagvis/2.2.0-p23
version/checkmk nagvis/2.2.0-p24
version/checkmk nagvis/2.2.0-p25
version/checkmk nagvis/2.2.0-p26
version/checkmk nagvis/2.2.0-p27
version/checkmk nagvis/2.2.0-p28
version/checkmk nagvis/2.2.0-p3
version/checkmk nagvis/2.2.0-p4
version/checkmk nagvis/2.2.0-p5
version/checkmk nagvis/2.2.0-p6
version/checkmk nagvis/2.2.0-p7
version/checkmk nagvis/2.2.0-p8
version/checkmk nagvis/2.2.0-p9
version/checkmk nagvis/2.3.0
version/checkmk nagvis/2.3.0-b1
version/checkmk nagvis/2.3.0-b2
version/checkmk nagvis/2.3.0-b3
version/checkmk nagvis/2.3.0-b4
version/checkmk nagvis/2.3.0-b5
version/checkmk nagvis/2.3.0-b6
version/checkmk nagvis/2.3.0-p1
version/checkmk nagvis/2.3.0-p2
version/checkmk nagvis/2.3.0-p3
version/checkmk nagvis/2.3.0-p4
version/checkmk nagvis/2.3.0-p5
version/checkmk nagvis/2.3.0-p6
version/checkmk nagvis/2.3.0-p7