Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-22120 — Improper Input Validation in Zabbix

CWE-20 — Improper Input Validation8 documents8 sources

Severity

8.8HIGHNVD

VulnCheck9.1

EPSS

92.3%

top 0.28%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zabbix Debian Zabbix

Timeline

PublishedMay 17

Latest updateSep 19

Description

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDzabbix/zabbix6.0.0 — 6.0.28+2

▶debiandebian/zabbix< zabbix 1:6.0.29+dfsg-1 (forky)

▶Debianzabbix/zabbix< 1:6.0.29+dfsg-1+1

▶CVEListV5zabbix/zabbix6.0.0 — 6.0.27+2

🔴Vulnerability Details

OSV

CVE-2024-22120: Zabbix server can perform command execution for configured scripts↗2024-05-17

▶

GHSA

GHSA-625f-58w6-wj9f: Zabbix server can perform command execution for configured scripts↗2024-05-17

▶

VulnCheck

zabbix zabbix Improper Input Validation↗2024

▶

💥Exploits & PoCs

Nuclei

Zabbix Server - Time-Based Blind SQL injection

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Zabbix Server Blind SQL Injection via clientip Parameter (CVE-2024-22120)↗2024-09-19

▶

📋Vendor Advisories

Debian

CVE-2024-22120: zabbix - Zabbix server can perform command execution for configured scripts. After comman...↗2024

▶

🕵️Threat Intelligence

Greynoiseio

NoiseLetter May 2024↗

▶