Arbitrary Code Execution via Crafted rules.mk File in Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5

Arbitrary Code Execution via Crafted rules.mk File in Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5

CVE-2014-2331 · HIGH Severity

AV:N/AC:M/AU:S/C:C/I:C/A:C

Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

Learn more about our User Device Pen Test.