CVE-2024-47092
Published: 03 March 2025
Summary
CVE-2024-47092 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Heinlein-Support Check Mk Python Api. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-47092, published on 2025-03-03, is a critical vulnerability rated at CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) stemming from insecure deserialization (CWE-502) and improper certificate validation. It affects the Checkmk Exchange plugin check-mk-api in versions prior to 5.8.1, a component used within Checkmk monitoring environments for API interactions.
Remote attackers require only network access to exploit this vulnerability, with low attack complexity, no privileges, authentication, or user interaction needed. Successful exploitation enables high-impact consequences across confidentiality, integrity, and availability, allowing attackers to potentially execute arbitrary code or fully compromise affected systems.
Advisories recommend updating the check-mk-api plugin to version 5.8.1 or later for mitigation. A specific fix is implemented in the GitHub commit b5a2a7529e3367d7a643e66f05da4f2a27013904 from the HeinleinSupport/check_mk_extensions repository, with further details available on the Checkmk Exchange plugin page.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5766
Vulnerability details
Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Insecure deserialization in a network-accessible API plugin directly enables unauthenticated remote code execution on a public-facing monitoring service.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates insecure deserialization by requiring validation of all inputs prior to processing, preventing arbitrary code execution from untrusted data.
Ensures proper certificate validation in PKI communications, addressing the improper certificate validation flaw in the check-mk-api plugin.
Requires timely flaw remediation through patching, directly countering the vulnerability fixed in check-mk-api version 5.8.1.