CVE-2024-22123 · Severity: LOW · CVSS 2.7

CVE-2024-22123: Arbitrary File Access in Zabbix

Platform

zabbix

Component

zabbix

Fixed in

5.0.43

6.0.31

6.4.16

7.0.1

AI Confidence: high · NVD · EPSS 0.4% · Reviewed: May 2026

CVE-2024-22123 describes an Arbitrary File Access vulnerability affecting Zabbix versions 5.0.0 through 7.0.0rc2. This flaw allows an attacker to manipulate SMS media settings to target log files, resulting in the leakage of log file content to the user interface. The vulnerability has a CVSS score of 2.7 (LOW) and is resolved in Zabbix version 7.0.1.

Impact and Attack Scenarios

The primary impact of CVE-2024-22123 lies in the potential for information disclosure. An attacker, by exploiting the SMS media configuration, can trick the Zabbix server into attempting to communicate with a log file as if it were a GSM modem. This action corrupts the log file with AT commands and exposes a small portion of its contents within the Zabbix UI. While the amount of data leaked is limited, this could include sensitive information logged by the Zabbix server, such as system events, user activity, or error messages. The risk is amplified in environments where Zabbix is used to monitor critical infrastructure or applications, as leaked logs could provide valuable insights for further attacks.

Exploitation Context

CVE-2024-22123 was publicly disclosed on August 9, 2024. As of this writing, there are no publicly available proof-of-concept exploits. The EPSS score is low (0.40%), consistent with the limited impact and the absence of public exploits. It is not currently listed in the CISA KEV catalog.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.40% (61st percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: partial

CVSS Vector

CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Base score: 2.7 (LOW), CVSS v3.1 Base Score as rated by nextguardhq.com

What do these metrics mean?

Attack Vector (how the attacker reaches the target): Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity (conditions required to exploit): Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required (authentication level needed to attack): High — admin or privileged account required to exploit.
User Interaction (whether a victim must take action): None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope (impact beyond the vulnerable component): Unchanged — impact is limited to the vulnerable component itself.
Confidentiality (risk of sensitive data exposure): None — no confidentiality impact. Attacker cannot read protected data.
Integrity (risk of unauthorized data modification): Low — attacker can modify some data with limited scope or impact.
Availability (risk of service disruption): None — no availability impact. Service remains fully operational.

Affected Software

Component: zabbix
Vendor: Zabbix

Affected range               Fixed in
5.0.0 – 5.0.42               5.0.43
6.0.0 – 6.0.30               6.0.31
6.4.0 – 6.4.15               6.4.16
7.0.0alpha1 – 7.0.0rc2       7.0.1

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The recommended mitigation for CVE-2024-22123 is to upgrade Zabbix without delay to the fixed release for your branch (5.0.43, 6.0.31, 6.4.16, or 7.0.1 and later). If upgrading is not immediately feasible, restrict access to SMS media configuration settings to trusted users only. Apply strict input validation to any user-provided data related to SMS media, so that the GSM modem setting cannot be pointed at an arbitrary file path such as a log file. Monitor Zabbix logs for unusual activity, particularly attempts to access or modify log files in unexpected ways. After upgrading, confirm the fix by attempting to reproduce the vulnerability using the described exploitation method and verifying that the log file remains intact.
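The input-validation workaround above can be made concrete with an allowlist check on the modem device path. The following is an added example written for this page, not Zabbix's own code: it assumes a policy (an assumption of this example) that a GSM modem setting must be an absolute path, must stay inside the device directory both before and after symlink resolution, and must name an existing character device. A log file is a regular file, so it fails the last check even if a symlink to it were planted inside the device directory. The helper `run_demo` builds constructed inputs in a temporary directory to exercise each rejection path.

```python
import os
import stat
import tempfile


def _inside(path, root):
    """True if `path` equals `root` or lies beneath it (both already normalised)."""
    root = root.rstrip(os.sep) or os.sep
    return path == root or path.startswith(root + os.sep)


def validate_modem_path(path, device_root="/dev"):
    """Return (accepted, reason) for a user-supplied GSM modem device path.

    Policy is an assumption for this example, not a rule taken from Zabbix:
    absolute path, inside device_root after normalisation, still inside
    device_root after resolving symlinks, and an existing character device.
    """
    if not os.path.isabs(path):
        return (False, "path must be absolute")
    norm = os.path.normpath(path)                  # collapses /dev/../var/log/...
    if not _inside(norm, os.path.normpath(device_root)):
        return (False, "outside the device directory")
    real = os.path.realpath(norm)                  # follows symlinks
    if not _inside(real, os.path.realpath(device_root)):
        return (False, "resolves outside the device directory")
    try:
        st = os.stat(real)
    except FileNotFoundError:
        return (False, "device does not exist")
    if not stat.S_ISCHR(st.st_mode):               # log files are regular files
        return (False, "not a character device")
    return (True, "ok")


def run_demo():
    """Exercise the validator on constructed inputs; returns {case: (ok, reason)}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        devroot = os.path.join(tmp, "dev")
        os.mkdir(devroot)
        # Constructed stand-in for a server log file, outside the device root.
        log = os.path.join(tmp, "zabbix_server.log")
        with open(log, "w") as f:
            f.write("constructed log line\n")
        # A regular file dropped inside the device root.
        fake = os.path.join(devroot, "fake_modem")
        open(fake, "w").close()
        # A symlink inside the device root that escapes to the log file.
        link = os.path.join(devroot, "ttyUSB0")
        os.symlink(log, link)
        results["log_file"] = validate_modem_path(log, devroot)
        results["regular_file"] = validate_modem_path(fake, devroot)
        results["symlink_escape"] = validate_modem_path(link, devroot)
        results["relative"] = validate_modem_path("../zabbix_server.log", devroot)
    # /dev/null is a real character device on any POSIX system.
    results["real_device"] = validate_modem_path("/dev/null")
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:15} -> {outcome}")
```

The two separate containment checks matter: the first rejects `/dev/../var/log/...` style paths that merely look like they are under the device directory, while the second catches a symlink that points out of it; neither alone is sufficient.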

How to fix

Update Zabbix to a version that has fixed the vulnerability. Refer to the Zabbix security advisory for details on affected and fixed versions. Avoid configuring SMS media with arbitrary files.
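Deciding whether a running instance is affected means comparing its version, pre-release tags included, against the ranges in the Affected Software table above. The following is an added example for this page, not a tool from Zabbix: it encodes the table and the summary span (5.0.0 through 7.0.0rc2) and classifies a version string. It goes slightly beyond the table by flagging builds the table does not cover, such as a 6.2.x release or 7.0.0 final (which sits between 7.0.0rc2 and 7.0.1), as "unlisted" rather than silently calling them unaffected. The banner format `zabbix_server (Zabbix) 6.4.15` used by `version_from_banner` is an assumption; verify it against your own binary's `-V` output.

```python
import re

# Affected ranges and fixed releases exactly as listed in the advisory table.
AFFECTED_RANGES = [
    ("5.0.0", "5.0.42", "5.0.43"),
    ("6.0.0", "6.0.30", "6.0.31"),
    ("6.4.0", "6.4.15", "6.4.16"),
    ("7.0.0alpha1", "7.0.0rc2", "7.0.1"),
]
# Overall affected span given in the advisory summary.
SUMMARY_LO, SUMMARY_HI = "5.0.0", "7.0.0rc2"

_PRE_ORDER = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL = 3  # a final release sorts after every pre-release of the same x.y.z
_VER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?$")


def parse_version(text):
    """Turn '6.4.15' or '7.0.0rc2' into a tuple that sorts correctly."""
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version string: {text!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    if m.group(4):
        return (major, minor, patch, _PRE_ORDER[m.group(4)], int(m.group(5)))
    return (major, minor, patch, _FINAL, 0)


def version_from_banner(banner):
    """Extract the version from a `zabbix_server -V` banner line.

    The banner format 'zabbix_server (Zabbix) 6.4.15' is an assumption of
    this example; check it against your own binary's output.
    """
    m = re.search(r"\(Zabbix\)\s+(\S+)", banner)
    if not m:
        raise ValueError("no Zabbix version found in banner")
    return m.group(1)


def check_version(version):
    """Classify a version against the advisory table.

    Returns (status, fixed_release) where status is one of:
      'affected'     - inside a listed affected range
      'fixed'        - at or above the listed fix for that branch
      'unlisted'     - inside the summary span but in no listed range
                       (e.g. a 6.2.x build, or 7.0.0 final); treat as
                       affected until confirmed otherwise
      'not_affected' - outside the summary span entirely
    """
    key = parse_version(version)
    for lo, hi, fixed in AFFECTED_RANGES:
        lo_k, hi_k, fixed_k = (parse_version(v) for v in (lo, hi, fixed))
        if key[:2] != lo_k[:2]:
            continue  # different release branch (major.minor)
        if lo_k <= key <= hi_k:
            return ("affected", fixed)
        if key >= fixed_k:
            return ("fixed", fixed)
        return ("unlisted", fixed)
    if parse_version(SUMMARY_LO) <= key <= parse_version(SUMMARY_HI):
        return ("unlisted", None)
    return ("not_affected", None)


if __name__ == "__main__":
    # Constructed banner line standing in for `zabbix_server -V` output.
    sample_banner = "zabbix_server (Zabbix) 6.4.15\n"
    for v in (version_from_banner(sample_banner), "6.0.31", "7.0.0", "6.2.5", "7.2.0"):
        print(v, "->", check_version(v))
```

Pre-release ordering is the part worth getting right: a naive string comparison would place "7.0.0rc2" after "7.0.0", whereas the tuple form sorts alpha, beta, rc and final releases in the intended order.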


Frequently asked questions

What is CVE-2024-22123 — Arbitrary File Access in Zabbix?

CVE-2024-22123 is a vulnerability in Zabbix allowing attackers to read portions of log files by manipulating SMS media settings, potentially leaking sensitive data.

Am I affected by CVE-2024-22123 in Zabbix?

You are affected if you are running Zabbix versions 5.0.0 through 7.0.0rc2. Upgrade to 7.0.1 or later to mitigate the risk.

How do I fix CVE-2024-22123 in Zabbix?

Upgrade Zabbix to version 7.0.1 or later. As a temporary workaround, restrict access to SMS media configuration settings.

Is CVE-2024-22123 being actively exploited?

As of now, there are no publicly known active exploits for CVE-2024-22123.

Where can I find the official Zabbix advisory for CVE-2024-22123?

Refer to the official Zabbix security advisory for detailed information and updates: https://www.zabbix.com/security/advisories/.
