CVE-2024-38865 - Vulnerability Details - OpenCVE

Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://checkmk.com/werk/17028

History

Thu, 10 Apr 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 10 Apr 2025 07:45:00 +0000

Type	Values Removed	Values Added
Description		Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host.
Title		Livestatus command injection in RestAPI
Weaknesses		CWE-140
References		https://checkmk.com/werk/17028
Metrics		cvssV4_0 `{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Checkmk

Published: 2025-04-10T07:35:35.143Z

Updated: 2025-04-10T13:09:56.033Z

Reserved: 2024-06-20T10:03:09.179Z

Link: CVE-2024-38865

Vulnrichment

Updated: 2025-04-10T13:09:52.031Z

NVD

Status : Awaiting Analysis

Published: 2025-04-10T08:15:14.663

Modified: 2025-04-11T15:39:52.920

Link: CVE-2024-38865

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38865", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2024-06-20T10:03:09.179Z", "datePublished": "2025-04-10T07:35:35.143Z", "dateUpdated": "2025-04-10T13:09:56.033Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.3.0p25", "status": "affected", "version": "2.3.0", "versionType": "semver"}, {"lessThan": "2.2.0p39", "status": "affected", "version": "2.2.0", "versionType": "semver"}, {"lessThanOrEqual": "2.1.0p50", "status": "affected", "version": "2.1.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host."}], "impacts": [{"capecId": "CAPEC-15", "descriptions": [{"lang": "en", "value": "CAPEC-15: Command Delimiters"}]}], "metrics": [{"cvssV4_0": {"baseScore": 6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-140", "description": "CWE-140: Improper Neutralization of Delimiters", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2025-04-10T07:35:35.143Z"}, "references": [{"url": "https://checkmk.com/werk/17028"}], "title": "Livestatus command injection in RestAPI"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-10T13:09:48.020379Z", "id": "CVE-2024-38865", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T13:09:56.033Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38865", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-10T13:09:48.020379Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T13:09:52.031Z"}}], "cna": {"title": "Livestatus command injection in RestAPI", "impacts": [{"capecId": "CAPEC-15", "descriptions": [{"lang": "en", "value": "CAPEC-15: Command Delimiters"}]}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Checkmk GmbH", "product": "Checkmk", "versions": [{"status": "affected", "version": "2.3.0", "lessThan": "2.3.0p25", "versionType": "semver"}, {"status": "affected", "version": "2.2.0", "lessThan": "2.2.0p39", "versionType": "semver"}, {"status": "affected", "version": "2.1.0", "versionType": "semver", "lessThanOrEqual": "2.1.0p50"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://checkmk.com/werk/17028"}], "descriptions": [{"lang": "en", "value": "Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-140", "description": "CWE-140: Improper Neutralization of Delimiters"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2025-04-10T07:35:35.143Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38865", "state": "PUBLISHED", "dateUpdated": "2025-04-10T13:09:56.033Z", "dateReserved": "2024-06-20T10:03:09.179Z", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "datePublished": "2025-04-10T07:35:35.143Z", "assignerShortName": "Checkmk"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host."}, {"lang": "es", "value": "La neutralizaci\u00f3n incorrecta de los delimitadores del comando livestatus en un endpoint espec\u00edfico dentro de RestAPI de Checkmk anterior a 2.2.0p39, 2.3.0p25 y 2.1.0p51 (EOL) permite la ejecuci\u00f3n arbitraria del comando livestatus. La explotaci\u00f3n requiere que el atacante tenga un grupo de contactos asignado a su cuenta de usuario y que un evento se origine desde un host con el mismo grupo de contactos o desde un evento generado con un host desconocido."}], "id": "CVE-2024-38865", "lastModified": "2025-04-11T15:39:52.920", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@checkmk.com", "type": "Secondary"}]}, "published": "2025-04-10T08:15:14.663", "references": [{"source": "security@checkmk.com", "url": "https://checkmk.com/werk/17028"}], "sourceIdentifier": "security@checkmk.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-140"}], "source": "security@checkmk.com", "type": "Secondary"}]}