PT-2022-7424 · Zabbix · Zabbix-Agent2
Published
2022-01-06
·
Updated
2023-08-08
·
CVE-2022-22704
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
zabbix-agent2 versions prior to 5.4.9-r1
Description
The issue is related to a design flaw in the zabbix-agent2 package for Alpine Linux, where it incorrectly relies on systemd to determine part of the configuration, leading to a potential privilege escalation to root level for a remote attacker.
Recommendations
For versions prior to 5.4.9-r1, update to version 5.4.9-r1 or later to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zabbix-Agent2