Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-6692Use of Externally-Controlled Format String in Zabbix

5 documents5 sources
Severity
7.5HIGHNVD
EPSS
6.0%
top 9.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
ZabbixDebian Zabbix
Timeline
PublishedDec 21
Latest updateMay 1

Description

Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/zabbix< zabbix 1:1.1.2-4 (bookworm)
Debianzabbix/zabbix< 1:1.1.2-4+3
NVDzabbix/zabbix1.1.2

🔴Vulnerability Details

2
GHSA
GHSA-98m4-j87f-4xfc: Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute2022-05-01
OSV
CVE-2006-6692: Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute2006-12-21

💥Exploits & PoCs

1
Exploit-DB
Zabbix 1.1.2 - Multiple Remote Code Execution Vulnerabilities2006-10-09

📋Vendor Advisories

1
Debian
CVE-2006-6692: zabbix - Multiple format string vulnerabilities in zabbix before 20061006 allow attackers...2006