CVE-2024-13723
Published: 04 February 2025
Summary
CVE-2024-13723 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in KoreLogic (inferred from references). Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 20.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-13723 is a remote code execution vulnerability in the NagVis component within Checkmk. It allows an authenticated attacker with administrative privileges to upload a malicious PHP file and modify specific settings to execute the file's contents as PHP. The vulnerability is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type) and has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
An authenticated attacker with administrative-level privileges in Checkmk can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation fully compromises the confidentiality, integrity, and availability of the affected system, because the attacker can execute arbitrary PHP code.
Mitigation details are outlined in vendor advisories and patch notes, including Checkmk werks for version 2.3.0p10 at https://checkmk.com/werks?version=2.3.0p10, NagVis changelog for version 1.9.42 at https://www.nagvis.org/downloads/changelog/1.9.42, and a KoreLogic advisory at https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt. Additional disclosures are available at http://seclists.org/fulldisclosure/2025/Feb/4 and http://www.openwall.com/lists/oss-security/2025/02/04/4.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51736
Vulnerability details
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
RCE via unrestricted malicious PHP file upload directly enables web shell deployment (T1505.003) after exploiting the public-facing Checkmk/NagVis application (T1190).
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates unrestricted upload of dangerous PHP files by enforcing input validation and error handling on file uploads in the NagVis component.
- Addresses the specific flaw in NagVis allowing malicious PHP upload and execution through timely identification, reporting, and correction via vendor patches.
- Limits the impact by enforcing least privilege, preventing unnecessary administrative access required to upload files and modify execution settings.