Key Exchange without Entity Authentication
CVE-2024-6572
Summary
Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic.
- HIGH
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-322 - Key Exchange without Entity Authentication
The software performs a key exchange with an actor without verifying the identity of that actor.
References
Advisory Timeline
- Published