Restricted Access Leads to Infrastructure Compromise
CVE-2024-22116

7.2 HIGH

Key Information:

Vendor: Zabbix

Status: Vendor

CVE Published: 12 August 2024

Badges

📰 News Worthy

What is CVE-2024-22116?

The vulnerability identified as CVE-2024-22116 in the Zabbix monitoring solution allowed administrators with restricted permissions to execute arbitrary code via the Ping script in the Monitoring Hosts section. This posed a serious risk of infrastructure compromise. The vulnerability affected versions 6.4.0 to 6.4.15 and 7.0.0alpha1 to 7.0.0rc2, with a CVSS score of 9.9. Zabbix released patched versions 6.4.16rc1 and 7.0.0rc3 to fix the issue and urged users to upgrade to these versions immediately to prevent potential exploitation. No known ransomware groups have exploited this vulnerability.

Affected Version(s)

Zabbix 6.4.9 through 6.4.15

Zabbix 7.0.0alpha1 through 7.0.0rc2

News Articles

Zabbix Server Vulnerability Lets Attacker Execute Arbitrary Code Via Ping Script

A critical security vulnerability, identified as CVE-2024-22116, has been patched in Zabbix, a popular monitoring solution.

References

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability Reserved

Credit

Zabbix wants to thank justonezero and Qusai Alhaddad (qusaialhaddad), who submitted this report on the HackerOne bug bounty platform.