Executive Risk Summary
"A local unprivileged user can exploit a privilege escalation vulnerability in the mk_mysql agent plugin on Windows, allowing arbitrary code execution in the context of the Checkmk agent service. This vulnerability affects Checkmk versions <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL)."
Anticipated Attack Path
1. Create a Windows service with a name matching 'MySQL' or 'MariaDB'
2. Exploit the mk_mysql agent plugin vulnerability
3. Execute arbitrary code in the context of the Checkmk agent service
Am I Vulnerable?
- Verify Checkmk version
- Check for Windows services with names matching 'MySQL' or 'MariaDB'
- Review system logs for suspicious activity
Operational Audit Arsenal
Target Type: Windows Service
Target Asset: Checkmk Agent Service
Standard Path: C:\Program Files\checkmk\agent\bin\
Manual Verification Required
This is a non-Windows asset (Checkmk). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.
Patch Impact Forecast
Reboot Required: Likely
Service interruption possible during patching
Internal Work Notes
CVE-2024-47091: Privilege escalation vulnerability in Checkmk mk_mysql agent plugin on Windows, allowing arbitrary code execution as SYSTEM. Patching required to prevent exploitation.
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.