CVE-2024-28827 | Checkmk Windows Agent Operational Intel

Executive Risk Summary

"A local attacker can exploit incorrect permissions on the Checkmk Windows Agent's data directory to gain SYSTEM privileges, potentially allowing for unauthorized access and control of the system. This vulnerability affects Checkmk versions < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39."

Operational Audit Arsenal

Target Type Directory

Target Asset Checkmk Windows Agent data directory

Standard Path %PROGRAMDATA%\checkmk\agent

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: Checkmk Windows Agent data directory (Directory)
$Targets = 'Checkmk Windows Agent data directory'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

Monitoring services may be affected

Internal Work Notes

CVE-2024-28827: Checkmk Windows Agent privilege escalation vulnerability, patching required to prevent SYSTEM privilege abuse

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://checkmk.com/werk/16845

Related Checkmk Threats

CVE-2024-0670 CVSS 8.8

Checkmk Windows Agent Plugin

CVE-2025-32919 CVSS 7.8

Checkmk Windows Agent - Windows License plugin

CVE-2024-47091 CVSS 7.8

Checkmk - mk_mysql agent plugin

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.