Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://support.zabbix.com/browse/ZBX-25013 |
History
Tue, 10 Dec 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Zabbix
Zabbix zabbix |
|
CPEs | cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha7:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha8:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha9:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:rc2:*:*:*:*:*:* |
|
Vendors & Products |
Zabbix
Zabbix zabbix |
Fri, 09 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 09 Aug 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
Fri, 09 Aug 2024 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI. | |
Title | Zabbix Arbitrary File Read | |
Weaknesses | CWE-94 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Zabbix
Published: 2024-08-09T10:57:08.143Z
Updated: 2024-08-09T14:41:24.330Z
Reserved: 2024-01-05T07:44:01.395Z
Link: CVE-2024-22123
Vulnrichment
Updated: 2024-08-09T14:41:10.754Z
NVD
Status : Analyzed
Published: 2024-08-12T13:38:16.520
Modified: 2024-12-10T16:32:45.670
Link: CVE-2024-22123
Redhat
No data.