PT-2024-6100 · Zabbix+4

Maris Melnikovs · Published 2024-08-09 · Updated 2024-12-10 · CVE-2024-22123

CVSS v2.0: 3.3 (Low)
Vector: AV:N/AC:L/Au:M/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified)

Description: The issue is related to incorrect code generation control in the Zabbix monitoring system. It allows a remote attacker to execute arbitrary code. Configuring SMS media includes setting a GSM modem file, which the server later uses as a Linux device. Because everything is a file in Linux, another file, such as a log file, can be configured instead, and the Zabbix server will attempt to communicate with it as a modem. As a result, the log file is corrupted with AT commands, and a small part of its content is leaked to the UI.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
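The description above turns on a configured path being used as a modem without checking what kind of file it is. The following is an added example, not Zabbix code or the vendor's fix: a check that accepts a path only if it is a character device with terminal semantics. The names check_modem_path and write_constructed_log and the sample path under /tmp are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum modem_check { MODEM_OK, MODEM_OPEN_FAILED, MODEM_NOT_CHARDEV, MODEM_NOT_TTY };

/* Hypothetical helper: is `path` acceptable as a GSM modem device? */
enum modem_check check_modem_path(const char *path)
{
    struct stat st;
    enum modem_check rc = MODEM_OK;
    /* O_NOCTTY: never adopt the device as controlling terminal.
       O_NONBLOCK: do not hang waiting for carrier on a real serial line. */
    int fd = open(path, O_RDWR | O_NOCTTY | O_NONBLOCK);

    if (fd < 0)
        return MODEM_OPEN_FAILED;
    /* fstat() on the descriptor: the checks apply to the object actually opened. */
    if (fstat(fd, &st) != 0)
        rc = MODEM_OPEN_FAILED;
    else if (!S_ISCHR(st.st_mode))
        rc = MODEM_NOT_CHARDEV;   /* regular files such as logs stop here */
    else if (!isatty(fd))
        rc = MODEM_NOT_TTY;       /* e.g. /dev/null: char device, no termios */
    close(fd);
    return rc;
}

/* Writes a constructed one-line log file used as sample input. */
int write_constructed_log(const char *path)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fputs("constructed sample log line\n", f);
    return fclose(f);
}

int main(void)
{
    const char *log = "/tmp/constructed_zabbix_server.log";
    static const char *names[] = { "ok", "open failed", "not a character device", "not a tty" };
    if (write_constructed_log(log) == 0)
        printf("%s: %s\n", log, names[check_modem_path(log)]);
    printf("/dev/null: %s\n", names[check_modem_path("/dev/null")]);
    return 0;
}
```

No AT command is written before the checks pass, so a rejected file is left unmodified.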

Code Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2024-11571
ALT-PU-2024-11575
ALT-PU-2024-15832
BDU:2024-07009
CVE-2024-22123
DLA-3909-1

Affected Products

Alt Linux
Astra Linux
Debian
Red Os
Zabbix