Arbitrary Code Execution via Unsafe Usage of Pickle in Check_MK

Arbitrary Code Execution via Unsafe Usage of Pickle in Check_MK

CVE-2014-5340 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.

Learn more about our Web Application Penetration Testing UK.