Vulnerability Description
The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.
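A fail-closed unpickler for the weakness class this advisory describes, as an added example that is not Check_MK's code or the advisory's: it allowlists the only globals a payload may resolve, so a serialized object that names any other callable is rejected before the unpickler can invoke it. The sample payloads are constructed here, and `SAFE_GLOBALS` and the helper names are assumptions.

```python
import datetime
import io
import os
import pickle

# Allowlist of the only globals the unpickler may resolve. Any other
# reference (os.system, subprocess.Popen, builtins.eval, ...) is refused
# before a REDUCE opcode could call it. Extend only with reviewed types.
SAFE_GLOBALS = {
    ("datetime", "date"),
}


class RestrictedUnpickler(pickle.Unpickler):
    # find_class is the single choke point through which every GLOBAL /
    # STACK_GLOBAL opcode resolves a name, so gating it gates the payload.
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global reference {module}.{name}")


def safe_loads(data: bytes):
    """Deserialize untrusted bytes, failing closed on unexpected globals."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def check(data: bytes):
    """Return (True, value) for an accepted payload, (False, reason) otherwise."""
    try:
        return True, safe_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample payloads (not taken from the advisory).
PLAIN_PAYLOAD = pickle.dumps({"host": "web01", "checks": [1, 2]})
DATE_PAYLOAD = pickle.dumps(datetime.date(2014, 8, 20))
# A pickle carrying a global reference; os.getcwd is harmless, but a crafted
# object would name an arbitrary callable in exactly this position.
GLOBAL_PAYLOAD = pickle.dumps(os.getcwd)

if __name__ == "__main__":
    for label, payload in [("plain", PLAIN_PAYLOAD),
                           ("date", DATE_PAYLOAD),
                           ("global", GLOBAL_PAYLOAD)]:
        print(label, check(payload))
```

Plain `pickle.loads` would resolve and call the referenced global; the restricted loader returns a reason string instead, which is the value to log and alert on.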
CVSS Score
9.3 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Check Mk Project | Check Mk | <= 1.2.4 |
Related Weaknesses (CWE)
References
- http://mathias-kettner.de/check_mk_werks.php?werk_id=984 (Patch, Vendor Advisory)
- http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A
- http://rhn.redhat.com/errata/RHSA-2015-1495.html
- http://www.securityfocus.com/archive/1/533180/100/0/threaded
FAQ
What is CVE-2014-5340?
CVE-2014-5340 is a vulnerability with a CVSS score of 9.3 (HIGH). The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, ...
How severe is CVE-2014-5340?
CVE-2014-5340 has been rated HIGH with a CVSS base score of 9.3/10; see the CVSS Score section above.
Is there a patch for CVE-2014-5340?
Check the references section above for the vendor advisory (werk 984) and patch information. The affected product is Check Mk by Check Mk Project.