An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.
History

Wed, 04 Dec 2024 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:7.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:7.0.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:7.0.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:7.0.0:alpha7:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:7.0.0:alpha8:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:7.0.0:alpha9:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:7.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:7.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:7.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:7.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:7.0.0:rc2:*:*:*:*:*:*

Tue, 13 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Zabbix
Zabbix zabbix
CPEs cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
Vendors & Products Zabbix
Zabbix zabbix
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 09 Aug 2024 13:45:00 +0000


Fri, 09 Aug 2024 10:30:00 +0000

Type Values Removed Values Added
Description An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.
Title Remote code execution within ping script
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Zabbix

Published: 2024-08-09T10:16:34.982Z

Updated: 2024-12-04T14:37:43.459Z

Reserved: 2024-01-05T07:44:01.394Z

Link: CVE-2024-22116

cve-icon Vulnrichment

Updated: 2024-08-13T14:56:30.690Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-12T13:38:15.863

Modified: 2024-12-04T15:21:51.983

Link: CVE-2024-22116

cve-icon Redhat

No data.