CVE-2024-6572

Improper host key checking in active check Check SFTP Service and special agent VNX quotas and filesystem in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic

Weakness

The product performs a key exchange with an actor without verifying the identity of that actor.

Affected Software

Name	Vendor	Start Version	End Version
Checkmk	Checkmk	2.0.0 (including)	2.0.0 (including)
Checkmk	Checkmk	2.1.0 (including)	2.1.0 (including)
Checkmk	Checkmk	2.1.0-b1 (including)	2.1.0-b1 (including)
Checkmk	Checkmk	2.1.0-b2 (including)	2.1.0-b2 (including)
Checkmk	Checkmk	2.1.0-b3 (including)	2.1.0-b3 (including)
Checkmk	Checkmk	2.1.0-b4 (including)	2.1.0-b4 (including)
Checkmk	Checkmk	2.1.0-b5 (including)	2.1.0-b5 (including)
Checkmk	Checkmk	2.1.0-b6 (including)	2.1.0-b6 (including)
Checkmk	Checkmk	2.1.0-b7 (including)	2.1.0-b7 (including)
Checkmk	Checkmk	2.1.0-b8 (including)	2.1.0-b8 (including)
Checkmk	Checkmk	2.1.0-b9 (including)	2.1.0-b9 (including)
Checkmk	Checkmk	2.1.0-p1 (including)	2.1.0-p1 (including)
Checkmk	Checkmk	2.1.0-p10 (including)	2.1.0-p10 (including)
Checkmk	Checkmk	2.1.0-p11 (including)	2.1.0-p11 (including)
Checkmk	Checkmk	2.1.0-p12 (including)	2.1.0-p12 (including)
Checkmk	Checkmk	2.1.0-p13 (including)	2.1.0-p13 (including)
Checkmk	Checkmk	2.1.0-p14 (including)	2.1.0-p14 (including)
Checkmk	Checkmk	2.1.0-p15 (including)	2.1.0-p15 (including)
Checkmk	Checkmk	2.1.0-p16 (including)	2.1.0-p16 (including)
Checkmk	Checkmk	2.1.0-p17 (including)	2.1.0-p17 (including)
Checkmk	Checkmk	2.1.0-p18 (including)	2.1.0-p18 (including)
Checkmk	Checkmk	2.1.0-p19 (including)	2.1.0-p19 (including)
Checkmk	Checkmk	2.1.0-p2 (including)	2.1.0-p2 (including)
Checkmk	Checkmk	2.1.0-p20 (including)	2.1.0-p20 (including)
Checkmk	Checkmk	2.1.0-p21 (including)	2.1.0-p21 (including)
Checkmk	Checkmk	2.1.0-p22 (including)	2.1.0-p22 (including)
Checkmk	Checkmk	2.1.0-p23 (including)	2.1.0-p23 (including)
Checkmk	Checkmk	2.1.0-p24 (including)	2.1.0-p24 (including)
Checkmk	Checkmk	2.1.0-p25 (including)	2.1.0-p25 (including)
Checkmk	Checkmk	2.1.0-p26 (including)	2.1.0-p26 (including)
Checkmk	Checkmk	2.1.0-p27 (including)	2.1.0-p27 (including)
Checkmk	Checkmk	2.1.0-p28 (including)	2.1.0-p28 (including)
Checkmk	Checkmk	2.1.0-p29 (including)	2.1.0-p29 (including)
Checkmk	Checkmk	2.1.0-p3 (including)	2.1.0-p3 (including)
Checkmk	Checkmk	2.1.0-p30 (including)	2.1.0-p30 (including)
Checkmk	Checkmk	2.1.0-p31 (including)	2.1.0-p31 (including)
Checkmk	Checkmk	2.1.0-p32 (including)	2.1.0-p32 (including)
Checkmk	Checkmk	2.1.0-p33 (including)	2.1.0-p33 (including)
Checkmk	Checkmk	2.1.0-p34 (including)	2.1.0-p34 (including)
Checkmk	Checkmk	2.1.0-p35 (including)	2.1.0-p35 (including)
Checkmk	Checkmk	2.1.0-p36 (including)	2.1.0-p36 (including)
Checkmk	Checkmk	2.1.0-p37 (including)	2.1.0-p37 (including)
Checkmk	Checkmk	2.1.0-p38 (including)	2.1.0-p38 (including)
Checkmk	Checkmk	2.1.0-p39 (including)	2.1.0-p39 (including)
Checkmk	Checkmk	2.1.0-p4 (including)	2.1.0-p4 (including)
Checkmk	Checkmk	2.1.0-p40 (including)	2.1.0-p40 (including)
Checkmk	Checkmk	2.1.0-p41 (including)	2.1.0-p41 (including)
Checkmk	Checkmk	2.1.0-p42 (including)	2.1.0-p42 (including)
Checkmk	Checkmk	2.1.0-p43 (including)	2.1.0-p43 (including)
Checkmk	Checkmk	2.1.0-p44 (including)	2.1.0-p44 (including)
Checkmk	Checkmk	2.1.0-p45 (including)	2.1.0-p45 (including)
Checkmk	Checkmk	2.1.0-p46 (including)	2.1.0-p46 (including)
Checkmk	Checkmk	2.1.0-p47 (including)	2.1.0-p47 (including)
Checkmk	Checkmk	2.1.0-p5 (including)	2.1.0-p5 (including)
Checkmk	Checkmk	2.1.0-p6 (including)	2.1.0-p6 (including)
Checkmk	Checkmk	2.1.0-p7 (including)	2.1.0-p7 (including)
Checkmk	Checkmk	2.1.0-p8 (including)	2.1.0-p8 (including)
Checkmk	Checkmk	2.1.0-p9 (including)	2.1.0-p9 (including)
Checkmk	Checkmk	2.2.0 (including)	2.2.0 (including)
Checkmk	Checkmk	2.2.0-b1 (including)	2.2.0-b1 (including)
Checkmk	Checkmk	2.2.0-b2 (including)	2.2.0-b2 (including)
Checkmk	Checkmk	2.2.0-b3 (including)	2.2.0-b3 (including)
Checkmk	Checkmk	2.2.0-b4 (including)	2.2.0-b4 (including)
Checkmk	Checkmk	2.2.0-b5 (including)	2.2.0-b5 (including)
Checkmk	Checkmk	2.2.0-b6 (including)	2.2.0-b6 (including)
Checkmk	Checkmk	2.2.0-b7 (including)	2.2.0-b7 (including)
Checkmk	Checkmk	2.2.0-b8 (including)	2.2.0-b8 (including)
Checkmk	Checkmk	2.2.0-i1 (including)	2.2.0-i1 (including)
Checkmk	Checkmk	2.2.0-p1 (including)	2.2.0-p1 (including)
Checkmk	Checkmk	2.2.0-p10 (including)	2.2.0-p10 (including)
Checkmk	Checkmk	2.2.0-p11 (including)	2.2.0-p11 (including)
Checkmk	Checkmk	2.2.0-p12 (including)	2.2.0-p12 (including)
Checkmk	Checkmk	2.2.0-p13 (including)	2.2.0-p13 (including)
Checkmk	Checkmk	2.2.0-p14 (including)	2.2.0-p14 (including)
Checkmk	Checkmk	2.2.0-p15 (including)	2.2.0-p15 (including)
Checkmk	Checkmk	2.2.0-p16 (including)	2.2.0-p16 (including)
Checkmk	Checkmk	2.2.0-p17 (including)	2.2.0-p17 (including)
Checkmk	Checkmk	2.2.0-p18 (including)	2.2.0-p18 (including)
Checkmk	Checkmk	2.2.0-p19 (including)	2.2.0-p19 (including)
Checkmk	Checkmk	2.2.0-p2 (including)	2.2.0-p2 (including)
Checkmk	Checkmk	2.2.0-p20 (including)	2.2.0-p20 (including)
Checkmk	Checkmk	2.2.0-p21 (including)	2.2.0-p21 (including)
Checkmk	Checkmk	2.2.0-p22 (including)	2.2.0-p22 (including)
Checkmk	Checkmk	2.2.0-p23 (including)	2.2.0-p23 (including)
Checkmk	Checkmk	2.2.0-p24 (including)	2.2.0-p24 (including)
Checkmk	Checkmk	2.2.0-p25 (including)	2.2.0-p25 (including)
Checkmk	Checkmk	2.2.0-p26 (including)	2.2.0-p26 (including)
Checkmk	Checkmk	2.2.0-p27 (including)	2.2.0-p27 (including)
Checkmk	Checkmk	2.2.0-p28 (including)	2.2.0-p28 (including)
Checkmk	Checkmk	2.2.0-p29 (including)	2.2.0-p29 (including)
Checkmk	Checkmk	2.2.0-p3 (including)	2.2.0-p3 (including)
Checkmk	Checkmk	2.2.0-p30 (including)	2.2.0-p30 (including)
Checkmk	Checkmk	2.2.0-p31 (including)	2.2.0-p31 (including)
Checkmk	Checkmk	2.2.0-p32 (including)	2.2.0-p32 (including)
Checkmk	Checkmk	2.2.0-p4 (including)	2.2.0-p4 (including)
Checkmk	Checkmk	2.2.0-p5 (including)	2.2.0-p5 (including)
Checkmk	Checkmk	2.2.0-p6 (including)	2.2.0-p6 (including)
Checkmk	Checkmk	2.2.0-p7 (including)	2.2.0-p7 (including)
Checkmk	Checkmk	2.2.0-p8 (including)	2.2.0-p8 (including)
Checkmk	Checkmk	2.2.0-p9 (including)	2.2.0-p9 (including)
Checkmk	Checkmk	2.3.0 (including)	2.3.0 (including)
Checkmk	Checkmk	2.3.0-b1 (including)	2.3.0-b1 (including)
Checkmk	Checkmk	2.3.0-b2 (including)	2.3.0-b2 (including)
Checkmk	Checkmk	2.3.0-b3 (including)	2.3.0-b3 (including)
Checkmk	Checkmk	2.3.0-b4 (including)	2.3.0-b4 (including)
Checkmk	Checkmk	2.3.0-b5 (including)	2.3.0-b5 (including)
Checkmk	Checkmk	2.3.0-b6 (including)	2.3.0-b6 (including)
Checkmk	Checkmk	2.3.0-p1 (including)	2.3.0-p1 (including)
Checkmk	Checkmk	2.3.0-p10 (including)	2.3.0-p10 (including)
Checkmk	Checkmk	2.3.0-p11 (including)	2.3.0-p11 (including)
Checkmk	Checkmk	2.3.0-p12 (including)	2.3.0-p12 (including)
Checkmk	Checkmk	2.3.0-p13 (including)	2.3.0-p13 (including)
Checkmk	Checkmk	2.3.0-p14 (including)	2.3.0-p14 (including)
Checkmk	Checkmk	2.3.0-p2 (including)	2.3.0-p2 (including)
Checkmk	Checkmk	2.3.0-p3 (including)	2.3.0-p3 (including)
Checkmk	Checkmk	2.3.0-p4 (including)	2.3.0-p4 (including)
Checkmk	Checkmk	2.3.0-p5 (including)	2.3.0-p5 (including)
Checkmk	Checkmk	2.3.0-p6 (including)	2.3.0-p6 (including)
Checkmk	Checkmk	2.3.0-p7 (including)	2.3.0-p7 (including)
Checkmk	Checkmk	2.3.0-p8 (including)	2.3.0-p8 (including)
Checkmk	Checkmk	2.3.0-p9 (including)	2.3.0-p9 (including)

Potential Mitigations

References

https://checkmk.com/werk/17148

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-6572
CWE	https://cwe.mitre.org/data/definitions/322.html

Key Exchange without Entity Authentication

Weakness

Affected Software

Potential Mitigations

References