CVE-2024-38864 in Checkmkinfo

Summary

by MITRE • 12/19/2024

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 08/26/2025

The vulnerability identified as CVE-2024-38864 represents a critical permission misconfiguration issue within the Checkmk Windows Agent software ecosystem. This flaw affects multiple versions of Checkmk monitoring platform including versions prior to 2.3.0p23, 2.2.0p38, and the end-of-life 2.1.0p49 releases. The root cause stems from improper access control implementation within the agent's data directory structure, where sensitive monitoring data and configuration files are stored with inadequate permission settings. This misconfiguration creates an exploitable condition that allows local attackers to gain unauthorized access to critical system information that should remain protected.

The technical nature of this vulnerability aligns with CWE-732, which specifically addresses inadequate permissions for critical resources, and represents a direct violation of the principle of least privilege in system security design. When the Checkmk Windows Agent initializes, it creates a data directory that contains various monitoring artifacts including performance metrics, system information, and potentially sensitive configuration parameters. The improper file system permissions mean that local user accounts, including those with minimal privileges, can traverse the directory structure and extract valuable information about the monitored systems. This includes not only performance data but also potentially sensitive operational details that could aid in further attacks or system compromise.

From an operational impact perspective, this vulnerability creates significant risk for organizations relying on Checkmk for system monitoring and management. Local attackers who gain access to the system through any means can exploit this weakness to extract sensitive monitoring data that may include system configurations, performance baselines, network information, and operational details that could be leveraged in subsequent attacks. The vulnerability is particularly concerning because it requires no network access or external attack vectors - simply local system access is sufficient to exploit the misconfigured permissions. This makes it a high-value target for attackers who have already achieved initial system compromise or those seeking to escalate privileges within a compromised environment. The extracted data could potentially reveal system architecture, operational patterns, and monitoring configurations that would otherwise remain hidden from unauthorized parties.

The security implications extend beyond simple data exposure, as this vulnerability can facilitate more sophisticated attack vectors through the ATT&CK framework's privilege escalation and credential access phases. Attackers can use the extracted information to better understand system behavior, identify potential weaknesses in monitoring configurations, and plan more targeted attacks against the monitored infrastructure. Organizations should immediately implement mitigation strategies including applying the latest patches for Checkmk versions 2.3.0p23, 2.2.0p38, and ensuring proper permission settings on the data directory. Additionally, system administrators should conduct thorough audits of file permissions and implement monitoring for unauthorized access attempts to the Checkmk agent directories. The vulnerability highlights the importance of proper access control implementation and the need for regular security assessments of monitoring and management tools to prevent similar permission-related issues from compromising system integrity.

Responsible

Checkmk

Reservation

06/20/2024

Disclosure

12/19/2024

Moderation

accepted

CPE

ready

EPSS

0.00180

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!