Cyber Resilience

CVE-2024-13723

High

Published: 04 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0117 (79.1th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

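CVE-2024-13723 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability. The affected asset is listed as Korelogic (inferred from references); the vulnerability description itself names the NagVis component within Checkmk. Its CVSS base score is 7.2 (High).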

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 20.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-13723 is a remote code execution vulnerability in the NagVis component within Checkmk. It allows an authenticated attacker with administrative privileges to upload a malicious PHP file and modify specific settings to execute the file's contents as PHP. The vulnerability is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type) and has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

An authenticated attacker with administrative-level privileges in Checkmk can exploit this vulnerability over the network with low complexity and no user interaction. Because the attacker can execute arbitrary PHP code, successful exploitation fully compromises the confidentiality, integrity, and availability of the affected system.

Mitigation details are outlined in vendor advisories and patch notes, including Checkmk werks for version 2.3.0p10 at https://checkmk.com/werks?version=2.3.0p10, NagVis changelog for version 1.9.42 at https://www.nagvis.org/downloads/changelog/1.9.42, and a KoreLogic advisory at https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt. Additional disclosures are available at http://seclists.org/fulldisclosure/2025/Feb/4 and http://www.openwall.com/lists/oss-security/2025/02/04/4.

Vulnerability details

The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003: Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

RCE via unrestricted malicious PHP file upload directly enables web shell deployment (T1505.003) after exploiting the public-facing Checkmk/NagVis application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)
CVE-2025-8323 (shared CWE-434)
CVE-2025-21624 (shared CWE-434)
CVE-2026-35164 (shared CWE-434)
CVE-2026-2097 (shared CWE-434)
CVE-2025-12154 (shared CWE-434)
CVE-2026-42748 (shared CWE-434)
CVE-2025-32957 (shared CWE-434)

Affected Assets

Korelogic
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mitigates unrestricted upload of dangerous PHP files by enforcing input validation and error handling on file uploads in the NagVis component.

prevent

Addresses the specific flaw in NagVis allowing malicious PHP upload and execution through timely identification, reporting, and correction via vendor patches.

prevent

Limits the impact by enforcing least privilege, preventing unnecessary administrative access required to upload files and modify execution settings.
