← back
CVE-2017-14955

CVE-2017-14955

EPSS 12.1%
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/43021/unverifiedexploitdbwww.exploit-db.com/exploits/43021unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8https://mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yeshttps://www.exploit-db.com/exploits/43021/