CVE-2017-14955
published 2017-10-02

Priority: P3 (43, medium)
CVSS 3.1: 5.9
AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 12.13% (95.6th percentile)
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.

Affected

6 ranges
Vendor | Product | Version range | Fixed in
checkmk | checkmk | |
checkmk | checkmk | |
checkmk | checkmk | |
checkmk | checkmk | |
checkmk | checkmk | |
checkmk | checkmk | |

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N
osv | | 5.9 | MEDIUM |
vendor_redhat | | 5.9 | MEDIUM |
vendor_ubuntu | | 5.9 | MEDIUM |