CVE-2017-2824

Published May 24, 2017

Last updated 5 years ago

Overview

Description: An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
Source: talos-cna@cisco.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-78

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B847CEDA-6C3E-44DC-952B-9F92EF2E060A"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "379C720C-1F28-487D-8AF8-873E916B18DC"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10D1EA2C-35CC-4E35-BA5C-B0BC9D3BEEEB"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A799E7F-C2FB-4F2C-A8C0-6254DAF8C625"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E036381E-C3B3-4E13-9FB3-1CAF15D900DF"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66CF407E-71E0-4163-B4E7-346BF6164183"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.1:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B81CDC64-CB3F-4939-BAC1-591F92D69D88"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9080E8A-E1E6-46CB-B766-D8E4B68C4B08"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.2:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "074D6347-699F-4FEB-969C-CC02751B17D6"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C32BD321-01C3-4910-9058-A5582A27A6D8"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.3:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEA0EC11-C95B-42E5-B5D0-6D938D7F909B"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85ACEED4-E5FD-42D2-BDF3-96B46EE2B9D7"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.4:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF7D63B5-8660-4B23-89EA-009EF560F95F"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B73B67B9-7184-4E7E-AA3D-52CD8A7A0CEC"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.5:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C2A84A1-06C7-4300-BEA6-39C4E7468665"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59B2EB47-2255-4B56-85A5-2B6261EA93AF"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.6:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55C1F15D-DF51-447D-87AD-C2DA4F118E32"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE8C066D-3290-4073-AF74-C13ED3C733DC"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.7:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A610E4AB-BA66-4059-B9C4-D13C4B54804A"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44D7778B-738C-42B4-81D7-DFB5456D8909"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.8:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C8623D3-5A16-45E7-8F26-6F1B7DAC51A3"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2E5EA48-E8E3-4214-9D23-25AB677FE96B"
          },
          {
            "criteria": "cpe:2.3:a:zabbix:zabbix:2.4.9:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "556EE336-9968-48A6-9B1B-064ABF39D95A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References