CVE-2024-22122

Published Aug 12, 2024

Last updated 3 months ago

CVSS low 3.0

Overview

Description
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.
Source
security@zabbix.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
3
Impact score
1.4
Exploitability score
1.3
Vector string
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
Severity
LOW

Weaknesses

security@zabbix.com
CWE-77

Social media

Hype score
Not currently trending

References