CVE-2017-2824
Published 2017-05-24
CVE-2017-2824: An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a…
Priority: P261 · high · 8.1 · CVSS 3.0
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 26.10% (97.7th percentile)
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | zabbix | < zabbix 1:3.0.7+dfsg-3 (bookworm) | zabbix 1:3.0.7+dfsg-3 (bookworm) |
| zabbix | zabbix | — | — |
| zabbix | zabbix | — | — |
| zabbix | zabbix | — | — |
| zabbix | zabbix | — | — |
| zabbix | zabbix | — | — |
| zabbix | zabbix | — | — |
| zabbix | zabbix | — | — |
| zabbix | zabbix | — | — |
| zabbix | zabbix | — | — |
| zabbix | zabbix | — | — |
| zabbix | zabbix | >= 0 < 1:3.0.7+dfsg-3 | 1:3.0.7+dfsg-3 |
| zabbix | zabbix | >= 0 < 1:3.0.7+dfsg-3 | 1:3.0.7+dfsg-3 |
| zabbix | zabbix | >= 0 < 1:3.0.7+dfsg-3 | 1:3.0.7+dfsg-3 |
| zabbix | zabbix | >= 0 < 1:3.0.7+dfsg-3 | 1:3.0.7+dfsg-3 |
| zabbix | zabbix | >= 0 < 1:2.2.2+dfsg-1ubuntu1+esm4 | 1:2.2.2+dfsg-1ubuntu1+esm4 |
| zabbix | zabbix | >= 0 < 1:2.4.7+dfsg-2ubuntu2.1+esm3 | 1:2.4.7+dfsg-2ubuntu2.1+esm3 |
| zabbix | zabbix | >= 0 < 1:3.0.12+dfsg-1ubuntu0.1~esm3 | 1:3.0.12+dfsg-1ubuntu0.1~esm3 |
| zabbix | zabbix | >= 0 < 1:4.0.17+dfsg-1ubuntu0.1~esm1 | 1:4.0.17+dfsg-1ubuntu0.1~esm1 |
| zabbix | zabbix_server | — | — |
Detection & IOCs (extracted from sources)
- Snort rule 42326
- Snort rule 42337
- Monitor for command injection attempts in Zabbix 'discovery' requests sent from an active Zabbix Proxy to the Zabbix Server trapper API; the attacker inserts arbitrary commands into the Zabbix database via this vector.
- Detect two-stage exploitation: first a crafted 'discovery' request inserts a malicious command record into the DB, then a follow-up request triggers execution of that record. Look for anomalous trapper packets from proxy-sourced connections.
- Restrict or alert on connections to the Zabbix Server trapper port from hosts not in the authorized Zabbix Proxy allowlist; exploitation requires requests originating from an active Zabbix Proxy.
- The vulnerability is exploitable only against Zabbix Server 2.4.X (specifically confirmed 2.4.7–2.4.8r1); detection rules and mitigations should be scoped to these versions.
- Snort rules 42326 and 42337 may be updated over time; always pull the latest rule definitions from Defense Center or Snort.org rather than relying on static copies.
CVSS provenance
- nvd · v3.0 · 8.1 HIGH · CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
- osv · 9.8 CRITICAL
- vendor_ubuntu · 9.8 CRITICAL
- vendor_debian · 8.1 HIGH
Ubuntu
Zabbix vulnerabilities
vendor_ubuntu·2022-06-15·CVSS 9.8
CVE-2016-10742 [CRITICAL] Zabbix vulnerabilities
Title: Zabbix vulnerabilities
Summary: Several security issues were fixed in Zabbix.
Fu Chuang discovered that Zabbix did not properly parse IPs. A remote
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2020-11800)
It was discovered that Zabbix incorrectly handled certain requests. A
remote attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2017-2824, CVE-2017-2825)
It was discovered that Zabbix incorrectly handled certain XML files. A
remote attacker could possibly use this issue to read arbitrary files or
potentially execute arbitrary code. This issue only affected
Ubuntu 14.04 ESM. (CVE-2014-3005)
Debian
CVE-2017-2824: zabbix - An exploitable code execution vulnerability exists in the trapper command functi...
vendor_debian·2017·CVSS 8.1
CVE-2017-2824 [HIGH] CVE-2017-2824: zabbix - An exploitable code execution vulnerability exists in the trapper command functi...
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in 1:3.0.7+dfsg-3)
bullseye: resolved (fixed in 1:3.0.7+dfsg-3)
forky: resolved (fixed in 1:3.0.7+dfsg-3)
sid: resolved (fixed in 1:3.0.7+dfsg-3)
trixie: resolved (fixed in 1:3.0.7+dfsg-3)
OSV
zabbix vulnerabilities
osv·2022-06-15·CVSS 9.8
CVE-2020-11800 [CRITICAL] zabbix vulnerabilities
zabbix vulnerabilities
Fu Chuang discovered that Zabbix did not properly parse IPs. A remote
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2020-11800)
It was discovered that Zabbix incorrectly handled certain requests. A
remote attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2017-2824, CVE-2017-2825)
It was discovered that Zabbix incorrectly handled certain XML files. A
remote attacker could possibly use this issue to read arbitrary files or
potentially execute arbitrary code. This issue only affected
Ubuntu 14.04 ESM. (CVE-2014-3005)
It was discovered that Zabbix incorrectly handled certain inp
GHSA
GHSA-wcgg-mr8m-q73v: An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2
ghsa_unreviewed·2022-05-13
CVE-2017-2824 [HIGH] CWE-78 GHSA-wcgg-mr8m-q73v: An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
OSV
CVE-2017-2824: An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2
osv·2017-05-24·CVSS 8.1
CVE-2017-2824 [HIGH] CVE-2017-2824: An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-2824 CVE-2017-2825 zabbix: Multiple vulnerabilities [epel-6]
bugzilla·2017-05-05·CVSS 8.1
CVE-2017-2824 [HIGH] CVE-2017-2824 CVE-2017-2825 zabbix: Multiple vulnerabilities [epel-6]
CVE-2017-2824 CVE-2017-2825 zabbix: Multiple vulnerabilities [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template to for the 'fedpkg updat
Bugzilla
CVE-2017-2824 CVE-2017-2825 zabbix: Multiple vulnerabilities
bugzilla·2017-05-05·CVSS 8.1
CVE-2017-2824 [HIGH] CVE-2017-2824 CVE-2017-2825 zabbix: Multiple vulnerabilities
CVE-2017-2824 CVE-2017-2825 zabbix: Multiple vulnerabilities
Two vulnerabilities in the Zabbix server were reported by Cisco TALOS.
CVE-2017-2824
TALOS-2017-0325
Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
http://www.talosintelligence.com/reports/TALOS-2017-0325/
CVE-2017-2825
TALOS-2017-0326
Zabbix Proxy Server SQL Database Write Vulnerability
An exploitable database write vulnerability exists in the trapper functionality of Zabbix Server 2.4.X. Specific
Bugzilla
CVE-2017-2824 CVE-2017-2825 zabbix22: zabbix: Multiple vulnerabilities [epel-all]
bugzilla·2017-05-05·CVSS 8.1
CVE-2017-2824 [HIGH] CVE-2017-2824 CVE-2017-2825 zabbix22: zabbix: Multiple vulnerabilities [epel-all]
CVE-2017-2824 CVE-2017-2825 zabbix22: zabbix: Multiple vulnerabilities [epel-all]
NOTE: this issue affects multiple supported versio
Bugzilla
CVE-2017-2824 CVE-2017-2825 zabbix20: zabbix: Multiple vulnerabilities [epel-all]
bugzilla·2017-05-05·CVSS 8.1
CVE-2017-2824 [HIGH] CVE-2017-2824 CVE-2017-2825 zabbix20: zabbix: Multiple vulnerabilities [epel-all]
CVE-2017-2824 CVE-2017-2825 zabbix20: zabbix: Multiple vulnerabilities [epel-all]
NOTE: this issue affects multiple supported versio
Talos
Vulnerability Spotlight: Multiple Vulnerabilities in Zabbix
blogs_talos·2017-04-27·CVSS 8.1
[HIGH] Vulnerability Spotlight: Multiple Vulnerabilities in Zabbix
These vulnerabilities were discovered by Lilith Wyatt of Cisco ASIG
## Summary
Zabbix is an enterprise monitoring solution that is designed to give organizations the ability to monitor the health and status of various systems within their networks, including: network services, servers, and networking equipment. Cisco recently discovered multiple vulnerabilities in the Zabbix Server software component that could be leveraged by attackers to write directly to the Zabbix Proxy database or achieve remote code execution on the Zabbix Server. Cisco worked with Zabbix to responsibly disclose these vulnerabilities and ensure that a patch is available. Zabbix has released public advisories regarding these vulnerabilities which are located here and here.
## Vulnerability Details
### Zabbix Server Act
2017-05-24
Published