CVE-2017-2824: OS Command Injection in Server

CWE-78: OS Command Injection | 11 documents | 7 sources
Severity: 8.1 HIGH (NVD), 9.8 (OSV)
EPSS: 73.5% (top 1.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 24
Latest update: Jun 15

Description

An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | zabbix/zabbix_server | 2.4.8.r1
Debian | zabbix/zabbix | < 1:3.0.7+dfsg-3 | +3
Ubuntu | zabbix/zabbix | < 1:2.2.2+dfsg-1ubuntu1+esm4 | +3
NVD | zabbix/zabbix | 10 versions | +9

🔴 Vulnerability Details (4)

OSV: zabbix vulnerabilities (2022-06-15)
GHSA: GHSA-wcgg-mr8m-q73v: An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2 (2022-05-13)
OSV: CVE-2017-2824: An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2 (2017-05-24)
CVEList: CVE-2017-2824: An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2 (2017-05-24)

📋 Vendor Advisories (2)

Ubuntu: Zabbix vulnerabilities (2022-06-15)
Debian: CVE-2017-2824: zabbix - An exploitable code execution vulnerability exists in the trapper command functi... (2017)

💬 Community (4)

Bugzilla: CVE-2017-2824 CVE-2017-2825 zabbix: Multiple vulnerabilities [epel-6] (2017-05-05)
Bugzilla: CVE-2017-2824 CVE-2017-2825 zabbix: Multiple vulnerabilities (2017-05-05)
Bugzilla: CVE-2017-2824 CVE-2017-2825 zabbix22: zabbix: Multiple vulnerabilities [epel-all] (2017-05-05)
Bugzilla: CVE-2017-2824 CVE-2017-2825 zabbix20: zabbix: Multiple vulnerabilities [epel-all] (2017-05-05)
CVE-2017-2824 — OS Command Injection in Zabbix Server | cvebase