5.0.43
6.0.31
6.4.16
7.0.1
CVE-2024-22123 describes an Arbitrary File Access vulnerability affecting Zabbix versions 5.0.0 through 7.0.0rc2. This flaw allows an attacker to manipulate SMS media settings to target log files, resulting in the leakage of log file content to the user interface. The vulnerability has a CVSS score of 2.7 (LOW) and is resolved in Zabbix version 7.0.1.
The vulnerability arises from how Zabbix handles the modem device configured for SMS media types. An attacker who can edit the SMS media type settings, specifically the 'GSM modem file' parameter, can point it at an arbitrary file on the server. When Zabbix attempts to use that file as a modem, it writes AT commands to it and reads back a response. This process can corrupt the targeted file and, critically, leak a small portion of its content to the Zabbix user interface. While the amount of data leaked is limited, it could expose sensitive information contained in a log file, such as system events, error messages, or even user credentials if they are logged. The potential for broader impact is limited by the need for an attacker to successfully modify the SMS media configuration, which typically requires administrative privileges or a pre-existing vulnerability allowing such access.
CVE-2024-22123 was publicly disclosed on August 9, 2024. Currently, there are no known public proof-of-concept exploits available. The vulnerability has a LOW CVSS score, indicating a relatively low probability of exploitation. It is not currently listed on the CISA KEV catalog. Active campaigns targeting this vulnerability are not currently known.
Organizations utilizing Zabbix for monitoring, particularly those with SMS integration enabled, are at risk. Shared hosting environments where multiple users share a Zabbix instance are especially vulnerable, as a compromised user account could be leveraged to exploit this vulnerability.
• linux / server: journalctl -u zabbix-server | grep -i "AT commands"
• linux / server: ps aux | grep -i "zabbix_server" | grep -i "modem"
• generic web: Check the Zabbix UI for unusual log entries or error messages related to modem communication.
• generic web: Review Zabbix configuration files for suspicious SMS media settings.
EPSS: 0.40% (61st percentile)
The primary mitigation for CVE-2024-22123 is to upgrade Zabbix to version 7.0.1 or later, which contains the fix. If immediate upgrading is not feasible, consider restricting access to the SMS media configuration settings to only authorized administrators. Implement strict input validation on any user-provided data related to SMS media to prevent malicious file paths from being injected. Monitoring Zabbix logs for unusual AT command activity targeting unexpected files can also provide early detection of potential exploitation attempts. After upgrading, confirm the fix by attempting to manipulate the SMS media settings with a test configuration and verifying that the system does not attempt to access the specified arbitrary file.
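The configuration review suggested above can be automated against the Zabbix API. The following script is an added example, not code from Zabbix or from this advisory: it lists every SMS media type whose 'GSM modem file' is not a /dev/tty* device node, which is the misconfiguration the vulnerability relies on. It assumes the standard mediatype.get JSON-RPC call (type "2" = SMS, field gsm_modem) and a session or API token passed in the auth field; the URL, token and the sample response are constructed placeholders.

```python
import json
import re
import urllib.request

# Zabbix API: media type "2" is SMS; the modem device path is in "gsm_modem".
SMS_TYPE = "2"
# A legitimate GSM modem is a serial device under /dev. Anything else
# (a log file, a config file) is the misuse described for CVE-2024-22123.
DEVICE_RE = re.compile(r"^/dev/tty[A-Za-z0-9]+$")


def suspicious_sms_media(mediatypes):
    """Return (id, name, path) for SMS media types not backed by a /dev/tty* node."""
    findings = []
    for mt in mediatypes:
        if mt.get("type") != SMS_TYPE:
            continue
        modem = mt.get("gsm_modem", "")
        if not DEVICE_RE.match(modem):
            findings.append((mt.get("mediatypeid"), mt.get("name"), modem))
    return findings


def fetch_mediatypes(api_url, token):
    """Call mediatype.get over JSON-RPC (assumes token auth via the 'auth' field)."""
    payload = {
        "jsonrpc": "2.0", "method": "mediatype.get", "id": 1, "auth": token,
        "params": {"output": ["mediatypeid", "name", "type", "gsm_modem"]},
    }
    req = urllib.request.Request(
        api_url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json-rpc"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["result"]


# Constructed sample shaped like a mediatype.get result (not real data).
SAMPLE = [
    {"mediatypeid": "1", "name": "Email", "type": "0", "gsm_modem": ""},
    {"mediatypeid": "3", "name": "SMS", "type": "2", "gsm_modem": "/dev/ttyS0"},
    {"mediatypeid": "7", "name": "SMS-2", "type": "2",
     "gsm_modem": "/var/log/zabbix/zabbix_server.log"},
]

if __name__ == "__main__":
    # Replace SAMPLE with fetch_mediatypes("https://zabbix.example/api_jsonrpc.php", "TOKEN")
    for mid, name, modem in suspicious_sms_media(SAMPLE):
        print(f"media type {mid} ({name}) points its modem at {modem}")
```

Only media type 7 is reported; the email media type is skipped and the real serial device passes the check.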
Update Zabbix to a version in which the vulnerability has been fixed. Consult the Zabbix security advisory for details on the affected and fixed versions. Avoid configuring SMS media with arbitrary files.
CVE-2024-22123 is a vulnerability in Zabbix allowing attackers to read portions of log files by manipulating SMS media settings, potentially leaking sensitive data.
You are affected if you are running Zabbix versions 5.0.0 through 7.0.0rc2. Upgrade to 7.0.1 or later to mitigate the risk.
Upgrade Zabbix to version 7.0.1 or later. As a temporary workaround, restrict access to SMS media configuration settings.
As of now, there are no publicly known active exploits for CVE-2024-22123.
Refer to the official Zabbix security advisory for detailed information and updates: https://www.zabbix.com/security/advisories/.