Platform: zabbix
Component: zabbix
Fixed in: 6.4.16, 7.0.1
CVE-2024-22116 is a critical Remote Code Execution (RCE) vulnerability discovered in Zabbix, a popular open-source monitoring solution. This flaw allows an administrator with restricted permissions to execute arbitrary code on the system through the Monitoring Hosts section's script execution functionality. The vulnerability impacts Zabbix versions 6.4.9 through 7.0.0rc2, and a fix is available in version 7.0.1.
The impact of CVE-2024-22116 is severe. A successful exploit allows an attacker to gain complete control over the Zabbix server, potentially leading to data breaches, system compromise, and disruption of monitoring services. Attackers could leverage this RCE to install malware, steal sensitive data collected by Zabbix (including credentials and system metrics), or pivot to other systems within the network. The ability to execute arbitrary code bypasses standard security controls and represents a significant escalation of privileges. This vulnerability shares similarities with other script injection flaws where insufficient input validation allows for code execution.
CVE-2024-22116 was publicly disclosed on August 9, 2024. The CVSS score of 9.9 (CRITICAL) indicates a high probability of exploitation. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk. It is not currently listed on CISA KEV, but its criticality warrants close monitoring. Active exploitation campaigns are possible given the ease of exploitation and the widespread use of Zabbix.
Organizations heavily reliant on Zabbix for monitoring critical infrastructure are particularly at risk. This includes those with complex Zabbix configurations, custom scripts, or a large number of administrators with varying permission levels. Shared hosting environments utilizing Zabbix are also vulnerable, as a compromised account on one instance could potentially impact others.
• linux / server: journalctl -u zabbix-server -g "Ping script execution"
• zabbix: Review Zabbix logs for unusual script execution attempts, particularly those originating from restricted user accounts.
• generic web: Check Zabbix server access logs for requests to the Monitoring Hosts section with unusual parameters.
• windows / supply-chain: While Zabbix primarily runs on Linux, if agents are deployed on Windows, monitor PowerShell execution logs for suspicious scripts related to Zabbix.
Exploit status
EPSS: 0.50% (66th percentile)
The primary mitigation for CVE-2024-22116 is to immediately upgrade to Zabbix version 7.0.1 or later. If upgrading is not immediately feasible, consider restricting access to the Monitoring Hosts section to only highly trusted administrators. Implement strict input validation and sanitization for all script parameters within Zabbix. While a WAF may offer some protection, it is not a substitute for patching. Monitor Zabbix logs for suspicious activity, particularly related to script execution, and consider implementing intrusion detection signatures to identify potential exploitation attempts. After upgrading, confirm the fix by attempting to execute a script with malicious code through the Monitoring Hosts section; it should be rejected.
Update Zabbix to the latest available version. The affected versions are 6.4.9 through 6.4.15 and 7.0.0alpha1 through 7.0.0rc2. The update will fix the remote code execution vulnerability.
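An added example (not from the advisory or the Zabbix project): a check of installed version strings against the affected ranges listed above, ordering pre-release tags (alpha < beta < rc < final) so that builds such as 7.0.0beta3 are classified correctly. The function names and the sample inventory are assumptions made for illustration.

```python
import re

# Pre-release tags sort below the final release of the same x.y.z.
_STAGE = {"alpha": 0, "beta": 1, "rc": 2, "": 3}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?$")

# Inclusive ranges as stated on this page, with the fixed release per branch.
AFFECTED = [
    ("6.4.9", "6.4.15", "6.4.16"),
    ("7.0.0alpha1", "7.0.0rc2", "7.0.1"),
]


def parse(version):
    """Turn '7.0.0rc2' into a tuple that compares in release order."""
    m = _VERSION_RE.match(version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Zabbix version string: {version!r}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch), _STAGE[stage or ""], int(num or 0))


def check(version):
    """Return (affected, fixed_in) for an installed version string."""
    v = parse(version)
    for low, high, fixed in AFFECTED:
        if parse(low) <= v <= parse(high):
            return True, fixed
    return False, None


if __name__ == "__main__":
    # Constructed sample inventory; replace with versions from your own hosts.
    # 7.0.0 final sorts above 7.0.0rc2, so it is outside the range as stated here.
    sample = ["6.4.8", "6.4.9", "6.4.15", "6.4.16",
              "7.0.0beta3", "7.0.0rc2", "7.0.0", "7.0.1"]
    for installed in sample:
        affected, fixed = check(installed)
        status = f"AFFECTED, upgrade to {fixed}" if affected else "not in affected range"
        print(f"{installed:12} {status}")
```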
CVE-2024-22116 is a critical Remote Code Execution vulnerability in Zabbix, allowing administrators with restricted permissions to execute arbitrary code via the Ping script.
You are affected if you are running Zabbix versions 6.4.9 through 7.0.0rc2. Upgrade to 7.0.1 or later to mitigate the risk.
Upgrade to Zabbix version 7.0.1 or later. As a temporary workaround, restrict access to the Monitoring Hosts section to trusted administrators.
While no active exploitation has been confirmed, the high CVSS score and ease of exploitation suggest a high probability of exploitation.
Refer to the official Zabbix security advisory: [https://www.zabbix.com/security/advisories/ZBX-2701](https://www.zabbix.com/security/advisories/ZBX-2701)