Platform
zabbix
Component
zabbix
Fixed in
6.4.16
7.0.1
CVE-2024-22116 is a critical Remote Code Execution (RCE) vulnerability discovered in Zabbix, a popular open-source monitoring solution. This flaw allows an administrator with restricted permissions to execute arbitrary code on the system through the script execution functionality of the Monitoring Hosts section. The vulnerability affects Zabbix versions 6.4.9 through 7.0.0rc2; fixes are available in versions 6.4.16 and 7.0.1.
The impact of CVE-2024-22116 is severe. A successful exploit allows an attacker to gain complete control over the Zabbix server, potentially leading to data breaches, system compromise, and disruption of monitoring services. Attackers could leverage this RCE to install malware, steal sensitive data collected by Zabbix (including credentials and system metrics), or pivot to other systems within the network. The ability to execute arbitrary code bypasses standard security controls and represents a significant escalation of privileges. This vulnerability shares similarities with other script injection flaws where insufficient input validation allows for code execution.
CVE-2024-22116 was publicly disclosed on August 9, 2024. The CVSS score of 9.9 (CRITICAL) indicates a high probability of exploitation. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk. It is not currently listed on CISA KEV, but its criticality warrants close monitoring. Active exploitation campaigns are possible given the ease of exploitation and the widespread use of Zabbix.
Exploit Status
EPSS
0.50% (66th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-22116 is to immediately upgrade to Zabbix version 7.0.1 or later. If upgrading is not immediately feasible, consider restricting access to the Monitoring Hosts section to only highly trusted administrators. Implement strict input validation and sanitization for all script parameters within Zabbix. While a WAF may offer some protection, it is not a substitute for patching. Monitor Zabbix logs for suspicious activity, particularly related to script execution, and consider implementing intrusion detection signatures to identify potential exploitation attempts. After upgrading, confirm the fix by attempting to execute a script with malicious code through the Monitoring Hosts section; it should be rejected.
Update Zabbix to the latest available version. Affected versions are 6.4.9 to 6.4.15 and 7.0.0alpha1 to 7.0.0rc2. The update will fix the remote code execution vulnerability.
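As an added example (not from the advisory or the Zabbix project), a small Python check that decides whether a reported Zabbix version falls inside the affected ranges listed above. It handles the pre-release ordering (alpha < beta < rc < final release) that a naive string comparison gets wrong; the `zabbix_server --version` banner format it parses is an assumption, and the sample banner is constructed.

```python
import re

# Affected ranges as stated in the advisory (inclusive on both ends).
AFFECTED_RANGES = [
    ("6.4.9", "6.4.15"),
    ("7.0.0alpha1", "7.0.0rc2"),
]

# Pre-release ordering: alpha < beta < rc < final release.
PRERELEASE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
FINAL_RANK = 3

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?$")
# Assumed banner shape of `zabbix_server --version`: "zabbix_server (Zabbix) 6.4.10"
BANNER_RE = re.compile(r"\(Zabbix\)\s+(\S+)")


def parse_version(text):
    """Turn '7.0.0rc2' into a comparable tuple (7, 0, 0, 2, 2)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4):  # pre-release: rank by stage, then by its number
        return (major, minor, patch, PRERELEASE_RANK[m.group(4)], int(m.group(5)))
    return (major, minor, patch, FINAL_RANK, 0)  # final release sorts last


def is_affected(version):
    """True if the version lies within one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def version_from_banner(banner):
    """Extract the version string from the first line of the version banner."""
    m = BANNER_RE.search(banner.splitlines()[0])
    if not m:
        raise ValueError("no Zabbix version found in banner")
    return m.group(1)


if __name__ == "__main__":
    sample_banner = "zabbix_server (Zabbix) 6.4.10\nRevision 0000000 (constructed sample)"
    ver = version_from_banner(sample_banner)
    print(f"{ver}: {'AFFECTED by CVE-2024-22116' if is_affected(ver) else 'not affected'}")
```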
CVE-2024-22116 is a critical Remote Code Execution vulnerability in Zabbix, allowing administrators with restricted permissions to execute arbitrary code via the Ping script.
You are affected if you are running Zabbix versions 6.4.9 through 7.0.0rc2. Upgrade to 7.0.1 or later (or 6.4.16 or later on the 6.4 branch) to mitigate the risk.
Upgrade to Zabbix version 7.0.1 or later. As a temporary workaround, restrict access to the Monitoring Hosts section to trusted administrators.
While no active exploitation has been confirmed, the high CVSS score and ease of exploitation suggest a high probability of exploitation.
Refer to the official Zabbix security advisory: [https://www.zabbix.com/security/advisories/ZBX-2701](https://www.zabbix.com/security/advisories/ZBX-2701)