CVE-2024-47091

Q: How severe is CVE-2024-47091?

CVSS scoring is not yet available for CVE-2024-47091. Check NVD for updates.

Q: Is there a patch for CVE-2024-47091?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.

Vulnerability Description

Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.

Related Weaknesses (CWE)

CWE-427

References

https://checkmk.com/werk/19198

FAQ

What is CVE-2024-47091?

CVE-2024-47091 is a documented vulnerability. Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQ...

How severe is CVE-2024-47091?

CVSS scoring is not yet available for CVE-2024-47091. Check NVD for updates.

Is there a patch for CVE-2024-47091?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.