CVE-2017-14955 — Vulnetix

CVE-2017-14955 PUBLISHED

Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.

EPSS 19.62% · 95.5th percentile

Risk Scores

EPSS Score

19.62%

95.5th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	check-mk	*, 0
Ubuntu:Pro:16.04:LTS	check-mk	*, 0, 1.2.6p5-1

Exploit Intelligence

http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8 (circl)
https://mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yes (circl)
43021 (cve.org)
Check_MK 1.2.8p25 - Information Disclosure Exploit (0day-today)
Check_MK 1.2.8p25 - Information Disclosure Exploit (0day-today)

Timeline

Oct 1, 2017 CVE Published
Oct 20, 2017 PoC Published
Apr 14, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Mar 15, 2023 EPSS Score
May 8, 2023 EPSS Score
Mar 19, 2025 EPSS Score
Mar 21, 2025 EPSS Score
Mar 22, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 12, 2025 EPSS Score
Apr 13, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2017-14955 third-party-advisory
http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8 third-party-advisory
https://mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yes third-party-advisory
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=a4a2cc1f30ff6032899ca80eed29fa26b8898c54 third-party-advisory
https://ubuntu.com/security/notices/USN-5527-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2017-14955 third-party-advisory
https://ubuntu.com/security/notices/USN-5527-2 vendor-advisory

Open in Interactive Console →