CVE-2024-22116

Published Aug 12, 2024

Last updated 3 months ago

CVSS critical 9.9

Overview

Description
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.
Source
security@zabbix.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.9
Impact score
6
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@zabbix.com
CWE-94

Social media

Hype score
Not currently trending

  1. Zabbix Server Vulnerability Lets Attacker Execute Arbitrary Code Via Ping Script A critical security vulnerability, identified as CVE-2024-22116, has been patched in Zabbix, a popular monitoring solution. The vulnerability allowed an administrator with... https://t.co/eepEKEWDRn

    @SecurityAid

    11 Nov 2024

    24 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References