Zabbix Server Vulnerability Lets Attacker Execute Arbitrary Code


A critical security vulnerability, identified as CVE-2024-22116, has been patched in Zabbix, a popular monitoring solution. The vulnerability allowed an administrator with restricted permissions to execute arbitrary code via the Ping script in the Monitoring Hosts section, potentially compromising the infrastructure.

The vulnerability, which had a CVSS score of 9.9, was discovered by justonezero, a security researcher who submitted the report through the HackerOne bug bounty platform. Zabbix has acknowledged and thanked justonezero for their contribution to the platform’s security.


“An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user's ability to execute arbitrary code via the Ping script, thereby compromising infrastructure,” Zabbix reported.

The vulnerability affected versions 6.4.0 to 6.4.15 and 7.0.0alpha1 to 7.0.0rc2. A patch has been released in versions 6.4.16rc1 and 7.0.0rc3, which fixes the issue.

According to the Common Weakness Enumeration (CWE), the vulnerability is classified as CWE-94, Improper Control of Generation of Code (‘Code Injection’). The Common Attack Pattern Enumeration and Classification (CAPEC) identifies the vulnerability as CAPEC-253, Remote Code Inclusion.

Zabbix has confirmed that the vulnerability has been fixed and no workarounds are available. Users are advised to upgrade to the patched versions to ensure the security of their monitoring environment.
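The advisory attributes the flaw to script parameters being substituted into a command without default escaping. The following is an added illustration of that bug class and its two usual fixes; it is hypothetical code written for this article, not Zabbix's implementation, and the "Ping" template, the host allowlist pattern and the sample parameter are constructed for the demonstration.

```python
import re
import shlex

# Constructed stand-in for a "Ping" script whose parameter is pasted into a
# shell command line. Hypothetical; not how Zabbix builds its scripts.
PING_TEMPLATE = "ping -c 3 {PARAM}"

# Allowlist for a host argument: hostname labels or an IPv4/IPv6-style literal.
HOST_RE = re.compile(r"^[A-Za-z0-9.:\-]{1,253}$")

# Shell metacharacters whose presence in a script parameter should be flagged.
SHELL_META = set(";|&`$()<>\n\"'\\")


def build_unsafe(param: str) -> str:
    """Vulnerable pattern: raw substitution into a shell command string."""
    return PING_TEMPLATE.replace("{PARAM}", param)


def build_escaped(param: str) -> str:
    """Fix 1, escaping: the parameter is forced into a single shell word."""
    return PING_TEMPLATE.replace("{PARAM}", shlex.quote(param))


def build_argv(param: str) -> list[str]:
    """Fix 2, by design: validate, then pass argv with no shell involved."""
    if not HOST_RE.fullmatch(param):
        raise ValueError(f"rejected script parameter: {param!r}")
    return ["ping", "-c", "3", param]


def suspicious(param: str) -> bool:
    """Audit helper: flag stored parameters that carry shell metacharacters."""
    return any(ch in SHELL_META for ch in param)


def demo() -> dict:
    # Constructed sample: a host value with a trailing metacharacter sequence.
    injected = "10.0.0.1; id"
    return {
        "unsafe": build_unsafe(injected),    # metacharacters survive intact
        "escaped": build_escaped(injected),  # one quoted argument to ping
        "flagged": suspicious(injected),     # True: worth reviewing
    }
```

The `suspicious` check is the kind of pass a defender can run over stored script definitions and parameters after upgrading, to confirm nothing was planted while the unescaped path existed.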


Zabbix Server Vulnerability Technical Specifications:

  • Common Weakness Enumeration (CWE): CWE-94, Improper Control of Generation of Code (‘Code Injection’)
  • Common Attack Pattern Enumeration and Classification (CAPEC): CAPEC-253, Remote Code Inclusion
  • Affected Versions: 6.4.0 – 6.4.15, 7.0.0alpha1 – 7.0.0rc2
  • Fixed Versions: 6.4.16rc1, 7.0.0rc3

The issue has been resolved in the release candidates 6.4.16rc1 and 7.0.0rc3. Users of Zabbix Server versions 6.4.0 to 6.4.15 and 7.0.0alpha1 to 7.0.0rc2 should upgrade to the fixed versions as soon as possible; since no workarounds are available, updating is the only way to remove the exposure.

For more information about the vulnerability and the patch, users can refer to the official Zabbix release notes and security advisories.

