Checkmk < 2.2.0p5 Information Disclosure Vulnerability

[Pr1mEzz]

Hello,

yesterday we had a Vulnerability Testing and we found an Information Disclosure in our Agent Config.

The Agent is listening AND answering any requests at our WAN-Interfaces/IP's with any informations the agent is gathering. (you can check ist with "telnet ip port")
Worryingly, the port is not even open in the firewall policys.

---

---

Today we helped us with one workaround. In /usr/local/etc/checkmk.conf we added the CheckMK-IPs:

onlyfrom: our ipaddresses, comma seperated

So the Output with telnet after starting and stopping the agent is now:

Escape character is '^]'.
Connection closed by foreign host.

Is there anyway to configure listen interfaces or IP-Adresses so that the Agentport is not open at all Interfaces?

Thanks in Advance

[h4llm3n]

Hi! Can't confirm that issue here.
And the port should be 6556, not 5665.
Maybe you want to check your WAN rules and also the auto generated one here.

[thorstenspille]

Hi,
if your firewall ruleset is configured properly, incoming packages on the WAN interface will be dropped.
You can ignore the CVE, this is an unoffical agent and we are using other version numbers. The dependencies are also others, than the official checkmk agent and t's using the python3 system interpreter of the opnsense, do for dependencies just check the known vulnerabilities for opnsense.