zabbix
Fixed in: 5.0.43, 6.0.31, 6.4.16, 7.0.1
CVE-2024-22123 describes an Arbitrary File Access vulnerability affecting Zabbix versions 5.0.0 through 7.0.0rc2. This flaw allows an attacker to manipulate SMS media settings to target log files, resulting in the leakage of log file content to the user interface. The vulnerability has a CVSS score of 2.7 (LOW) and is resolved in Zabbix version 7.0.1.
The primary impact of CVE-2024-22123 lies in the potential for information disclosure. An attacker, by exploiting the SMS media configuration, can trick the Zabbix server into attempting to communicate with a log file as if it were a GSM modem. This action corrupts the log file with AT commands and exposes a small portion of its contents within the Zabbix UI. While the amount of data leaked is limited, this could include sensitive information logged by the Zabbix server, such as system events, user activity, or error messages. The risk is amplified in environments where Zabbix is used to monitor critical infrastructure or applications, as leaked logs could provide valuable insights for further attacks.
CVE-2024-22123 was publicly disclosed on August 9, 2024. As of this writing, there are no publicly available proof-of-concept exploits. The vulnerability's EPSS score is likely low, given the limited impact and lack of public exploits. It is not currently listed on the CISA KEV catalog.
Organizations utilizing Zabbix for monitoring, particularly those with SMS integration enabled, are at risk. Shared hosting environments where multiple users share a Zabbix instance are especially vulnerable, as a compromised user account could be leveraged to exploit this vulnerability.
• linux / server: journalctl -u zabbix-server | grep -i "AT commands"
• linux / server: ps aux | grep -i "zabbix_server" | grep -i "modem"
• generic web: Check the Zabbix UI for unusual log entries or error messages related to modem communication.
• generic web: Review Zabbix configuration files for suspicious SMS media settings.
Exploit status
EPSS: 0.40% (61st percentile)
The recommended mitigation for CVE-2024-22123 is to immediately upgrade Zabbix to version 7.0.1 or later, which contains the fix. If upgrading is not immediately feasible, consider restricting access to SMS media configuration settings to trusted users only. Implement strict input validation on any user-provided data related to SMS media, preventing the injection of malicious file paths. Monitor Zabbix logs for unusual activity, particularly attempts to access or modify log files in unexpected ways. After upgrading, confirm the fix by attempting to reproduce the vulnerability using the described exploitation method and verifying that the log file remains intact.
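The detection and mitigation advice above comes down to two checks: the SMS media modem path must point at a real serial device rather than at a file such as a log, and a log file that has been targeted will contain Hayes "AT" command lines that no log writer would emit. The following audit script is an added example (not Zabbix project code); the log sample is constructed, and the modem path rule (a character device under /dev) is an assumption about how a GSM modem is normally exposed.

```python
import os
import re
import stat

# A Hayes/AT command line starts with "AT" followed by a command letter
# (optionally with digits), a "+" or "&" extended command, or nothing at all.
# The negative lookahead keeps ordinary words such as "ATTEMPT" from matching.
AT_LINE = re.compile(r"^AT(?:[+&]|[A-Z]\d*(?![A-Z])|$)", re.IGNORECASE)

# Constructed sample: two Zabbix-style log lines with modem commands written
# between them, the kind of corruption the advisory describes.
SAMPLE_LOG = (
    "  1234:20240809:120000.000 server #0 started [main process]\n"
    "ATE0\r\n"
    "AT+CMGF=1\r\n"
    "  1234:20240809:120001.000 attempting to connect to modem\n"
)


def modem_path_is_sane(path: str) -> bool:
    """Return True only if path resolves to a character device under /dev.

    A GSM modem is a serial character device; a regular file (a log file,
    for example) must never be accepted as the SMS media modem path.
    """
    try:
        real = os.path.realpath(path)
        st = os.stat(real)
    except OSError:
        return False
    if not real.startswith("/dev/"):
        return False
    return stat.S_ISCHR(st.st_mode)


def at_lines_in_log(text: str) -> list[str]:
    """Return the lines of a log that look like AT commands."""
    return [line for line in text.splitlines() if AT_LINE.match(line)]


if __name__ == "__main__":
    # Hypothetical modem path for demonstration; substitute the configured one.
    print("/dev/ttyUSB0 sane:", modem_path_is_sane("/dev/ttyUSB0"))
    print("AT lines found:", at_lines_in_log(SAMPLE_LOG))
```

Run the path check against every GSM modem path configured in SMS media types, and the log scan against the server log; either a non-device path or AT lines in a log warrants investigation.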
Update Zabbix to a version that has fixed the vulnerability. Consult the Zabbix security advisory for details on the affected and fixed versions. Avoid configuring SMS media with arbitrary files.
CVE-2024-22123 is a vulnerability in Zabbix allowing attackers to read portions of log files by manipulating SMS media settings, potentially leaking sensitive data.
You are affected if you are running Zabbix versions 5.0.0 through 7.0.0rc2. Upgrade to 7.0.1 or later to mitigate the risk.
Upgrade Zabbix to version 7.0.1 or later. As a temporary workaround, restrict access to SMS media configuration settings.
As of now, there are no publicly known active exploits for CVE-2024-22123.
Refer to the official Zabbix security advisory for detailed information and updates: https://www.zabbix.com/security/advisories/.