Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-4502 — Zabbix vulnerability

CWE-2647 documents6 sources

Severity

9.3CRITICALNVD

EPSS

64.1%

top 1.56%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zabbix Debian Zabbix

Timeline

PublishedDec 31

Latest updateMay 2

Description

The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/zabbix< zabbix 1:1.8-1 (bookworm)

▶Debianzabbix/zabbix< 1:1.8-1+3

▶NVDzabbix/zabbix1.6.6+8

🔴Vulnerability Details

GHSA

GHSA-v6qg-5p9x-9hh9: The NET_TCP_LISTEN function in net↗2022-05-02

▶

OSV

CVE-2009-4502: The NET_TCP_LISTEN function in net↗2009-12-31

▶

💥Exploits & PoCs

Exploit-DB

Zabbix Agent - 'net.tcp.listen' Command Injection (Metasploit)↗2010-07-03

▶

Exploit-DB

Zabbix Agent < 1.6.7 - Remote Bypass↗2009-12-14

▶

Metasploit

Zabbix Agent net.tcp.listen Command Injection↗

▶

📋Vendor Advisories

Debian

CVE-2009-4502: zabbix - The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running ...↗2009

▶