An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://support.zabbix.com/browse/ZBX-25016 |
History
Wed, 04 Dec 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha7:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha8:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha9:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:rc2:*:*:*:*:*:* |
Tue, 13 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Zabbix
Zabbix zabbix |
|
CPEs | cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* | |
Vendors & Products |
Zabbix
Zabbix zabbix |
|
Metrics |
ssvc
|
Fri, 09 Aug 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
Fri, 09 Aug 2024 10:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure. | |
Title | Remote code execution within ping script | |
Weaknesses | CWE-94 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Zabbix
Published: 2024-08-09T10:16:34.982Z
Updated: 2024-12-04T14:37:43.459Z
Reserved: 2024-01-05T07:44:01.394Z
Link: CVE-2024-22116
Vulnrichment
Updated: 2024-08-13T14:56:30.690Z
NVD
Status : Analyzed
Published: 2024-08-12T13:38:15.863
Modified: 2024-12-04T15:21:51.983
Link: CVE-2024-22116
Redhat
No data.