Remote Code Execution Vulnerability in Zabbix Server from Zabbix
CVE-2020-11800

9CRITICAL

Key Information:

Vendor

Zabbix

Status
Zabbix
Vendor
CVE Published:
7 October 2020

What is CVE-2020-11800?

A vulnerability in Zabbix Server allows remote attackers to execute arbitrary code. The affected versions include Zabbix Server 2.2.x, 3.0.x before 3.0.31, and 3.2. This flaw can enable malicious actors to gain unauthorized access and control over the vulnerable system, presenting significant risks to data integrity and confidentiality.

References

https://support.zabbix.com/browse/DEV-1538
x_refsource_CONFIRM
https://support.zabbix.com/browse/ZBXSEC-30
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2020...
x_refsource_MISC

EPSS Score

47% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.