We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-38861

Lack of TLS validation in plugin MikroTik on Checkmk Exchange



Description

Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a.

Reserved 2024-06-20 | Published 2024-09-27 | Updated 2024-09-27 | Assigner Checkmk


MEDIUM: 4.9CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status
affected

2.0.0
affected

0.4a_mk
affected

Credits

Jakob Hartmann of Limes Security finder

Peter Panholzer of Limes Security finder

References

exchange.checkmk.com/p/mikrotik product

cve.org (CVE-2024-38861)

nvd.nist.gov (CVE-2024-38861)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-38861

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.