Vulnerability Description
Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Check Mk Project | Check Mk | <= 1.2.4 |
References
- http://mathias-kettner.de/check_mk_werks.php?werk_id=983 (Patch, Vendor Advisory)
- http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A
- http://rhn.redhat.com/errata/RHSA-2015-1495.html
- http://www.securityfocus.com/archive/1/533180/100/0/threaded
FAQ
What is CVE-2014-5339?
CVE-2014-5339 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.
How severe is CVE-2014-5339?
CVE-2014-5339 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-5339?
Check the references section above for vendor advisories and patch information. Affected products include: Check Mk Project Check Mk.