CVE-2024-6572
Medium
Published: 09 September 2024
Published
09 September 2024
Modified
25 August 2025
KEV Added
—
Patch
—
CVSS Score v4
6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score
0.0027
50.5th percentile
Risk Priority
13
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2024-6572 is a medium-severity Key Exchange without Entity Authentication (CWE-322) vulnerability in Checkmk Checkmk. Its CVSS base score is 6.3 (Medium).
Operationally, ranked in the top 49.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-47644
Vulnerability details
Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
checkmk
checkmk
2.0.0, 2.1.0, 2.2.0, 2.3.0
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.