CVE-2017-2825 — Zabbix vulnerability

12 documents7 sources

Severity

7.0HIGHNVD

OSV9.8

EPSS

0.6%

top 29.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Debian Zabbix Talos Zabbix +1 more

Timeline

PublishedApr 20

Latest updateJun 15

Description

In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:LExploitability: 2.2 | Impact: 4.7

Affected Packages5 packages

▶debiandebian/zabbix< zabbix 1:3.0.7+dfsg-3 (bookworm)

▶Debianzabbix/zabbix< 1:3.0.7+dfsg-3+3

▶Ubuntuzabbix/zabbix< 1:2.2.2+dfsg-1ubuntu1+esm4+3

▶NVDzabbix/zabbix2.4.0 — 2.4.8

▶CVEListV5talos/zabbixZabbix Server 2.4.8.r1

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

OSV

zabbix vulnerabilities↗2022-06-15

▶

GHSA

GHSA-h96q-8w2r-523f: In the trapper functionality of Zabbix Server 2↗2022-05-13

▶

OSV

CVE-2017-2825: In the trapper functionality of Zabbix Server 2↗2018-04-20

▶

📋Vendor Advisories

Ubuntu

Zabbix vulnerabilities↗2022-06-15

▶

Debian

CVE-2017-2825: zabbix - In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trappe...↗2017

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Multiple Vulnerabilities in Zabbix↗2017-04-27

▶

Talos

Vulnerability Spotlight: Multiple Vulnerabilities in Zabbix↗2017-04-27

▶

💬Community

Bugzilla

CVE-2017-2824 CVE-2017-2825 zabbix: Multiple vulnerabilities [epel-6]↗2017-05-05

▶

Bugzilla

CVE-2017-2824 CVE-2017-2825 zabbix: Multiple vulnerabilities↗2017-05-05

▶

Bugzilla

CVE-2017-2824 CVE-2017-2825 zabbix22: zabbix: Multiple vulnerabilities [epel-all]↗2017-05-05

▶

Bugzilla

CVE-2017-2824 CVE-2017-2825 zabbix20: zabbix: Multiple vulnerabilities [epel-all]↗2017-05-05

▶