SQL Injection Vulnerability in Zabbix API for Non-Admin Users
CVE-2024-42327

9.9 CRITICAL

Key Information:

Vendor: Zabbix
Status: Vendor
CVE Published: 27 November 2024

Badges

🥇 Trended No. 1
📈 Trended
📈 Score: 4,870
💰 Ransomware
👾 Exploit Exists
🟡 Public PoC
🟣 EPSS 86%
📰 News Worthy

What is CVE-2024-42327?

CVE-2024-42327 is a critical SQL injection vulnerability in the Zabbix frontend, the web interface and API endpoint of the open-source monitoring platform widely used for IT infrastructure management. A non-admin user account on the frontend with the default User role, or with any other role that grants API access, can exploit it; no administrative privileges are required. Because the injected SQL executes against the Zabbix database with the frontend's own database privileges, the flaw puts the confidentiality and integrity of the monitoring data, and of the infrastructure that data describes, at risk.

Technical Details

The root cause of CVE-2024-42327 is a SQL injection in the CUser class, specifically in the addRelatedObjects function. That function is called from CUser.get, the implementation of the user.get API method, which is available to every user who has API access, so the vulnerable code path is reachable without admin rights. An authenticated low-privilege attacker can therefore run SQL of their choosing against the Zabbix database, reading data they are not authorized to see or altering it.
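The snippet below is an added example written for this page; it is not Zabbix's code and does not reproduce the real vulnerable query. It shows the general pattern behind this class of bug in Python with sqlite3: an API "get" method that lets the caller name the columns to return for a related object (here, a user's role) and splices those names straight into the SELECT list, beside a hardened version that validates the names against an allowlist and quotes them as identifiers. The table names, columns, sample rows, the `sessions` table and the `ROLE_FIELDS` allowlist are all constructed for the demo.

```python
import sqlite3

# Constructed schema and data for the demo; not Zabbix's real schema.
SCHEMA = """
CREATE TABLE users    (userid INTEGER PRIMARY KEY, username TEXT, roleid INTEGER);
CREATE TABLE roles    (roleid INTEGER PRIMARY KEY, name TEXT, type INTEGER);
CREATE TABLE sessions (sessionid TEXT PRIMARY KEY, userid INTEGER);
INSERT INTO roles VALUES (1, 'User role', 1), (3, 'Super admin role', 3);
INSERT INTO users VALUES (1, 'Admin', 3), (2, 'lowpriv', 1);
INSERT INTO sessions VALUES ('a1b2c3d4e5f6', 1);   -- the admin's session token
"""

# Hypothetical allowlist of role columns a caller may request.
ROLE_FIELDS = frozenset({"roleid", "name", "type"})


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def related_roles_vulnerable(conn, userids, select_role):
    """Injection-prone pattern: the caller's output field names are spliced
    into the SELECT list as-is. Only the userid filter is parameterised."""
    cols = ",".join("r." + field for field in select_role)
    marks = ",".join("?" * len(userids))
    sql = (f"SELECT u.userid,{cols} FROM users u, roles r "
           f"WHERE u.roleid=r.roleid AND u.userid IN ({marks})")
    return conn.execute(sql, list(userids)).fetchall()


def related_roles_hardened(conn, userids, select_role):
    """Fixed pattern: reject any field name not in the allowlist, then quote
    the survivors as identifiers so they can never be read as SQL syntax."""
    unknown = [field for field in select_role if field not in ROLE_FIELDS]
    if unknown:
        raise ValueError(f"invalid selectRole field(s): {unknown}")
    cols = ",".join(f'r."{field}"' for field in select_role)
    marks = ",".join("?" * len(userids))
    sql = (f"SELECT u.userid,{cols} FROM users u, roles r "
           f"WHERE u.roleid=r.roleid AND u.userid IN ({marks})")
    return conn.execute(sql, list(userids)).fetchall()


def demo():
    """A low-privilege caller (userid 2) asks for its own role name and
    smuggles a subquery that pulls the admin's session token."""
    conn = open_db()
    payload = ["name,(SELECT sessionid FROM sessions WHERE userid=1)"]
    leaked = related_roles_vulnerable(conn, [2], payload)
    try:
        related_roles_hardened(conn, [2], payload)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    rows, blocked = demo()
    print("vulnerable query returned:", rows)
    print("hardened query rejected payload:", blocked)
```

The point of the hardened version is that column names are not data and cannot be bound as parameters; they have to be checked against a fixed set the code owns. Quoting them afterwards is defence in depth, not a substitute for the allowlist.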

Impact of the Vulnerability

  1. Unauthorized Data Access: This vulnerability permits attackers with non-admin accounts to gain access to sensitive data that they should not have permission to view, leading to significant privacy and confidentiality breaches.

  2. Data Manipulation Risks: Exploiting this vulnerability may enable attackers to modify or delete important data within the database. Such actions could disrupt the normal operation of monitoring processes and lead to severe operational impacts.

  3. Increased Attack Surface: The availability of this vulnerability to non-admin users increases the risk of exploitation by malicious actors, particularly through automated scripts. This elevates the risk of various cyber threats including data exfiltration and unauthorized control over the monitoring system.

Affected Version(s)

Zabbix 6.0.0 <= 6.0.31

Zabbix 6.4.0 <= 6.4.16

Zabbix 7.0.0 <= 7.0.1
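The ranges above translate directly into a version check. The following Python is an added example, not a Zabbix tool. It treats a pre-release suffix such as `rc1` as belonging to its base version (an assumption: `6.0.32rc1` is judged by the rules for `6.0.32`), and it deliberately reports branches not named on this page (for example 6.2.x or 5.0.x) as "unlisted" rather than "not affected", because the list above says nothing about them. The `fetch_version` helper uses the real `apiinfo.version` JSON-RPC method, which Zabbix serves without authentication at `api_jsonrpc.php`; it is included for fleet checks and is not called in the offline demo. The inventory in `__main__` is constructed.

```python
import json
import re
import urllib.request

# Affected ranges exactly as listed in the advisory, keyed by (major, minor) branch.
AFFECTED_RANGES = {
    (6, 0): ((6, 0, 0), (6, 0, 31)),
    (6, 4): ((6, 4, 0), (6, 4, 16)),
    (7, 0): ((7, 0, 0), (7, 0, 1)),
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(version):
    """Return (major, minor, patch). A suffix such as 'rc1' is dropped
    (assumption: a pre-release is judged as its base version)."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised Zabbix version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def assess(version):
    """Classify a version as 'affected', 'not affected' or 'unlisted'.
    'unlisted' means the branch is not covered by the advisory text at all,
    which is not the same as being cleared."""
    v = parse_version(version)
    rng = AFFECTED_RANGES.get(v[:2])
    if rng is None:
        return "unlisted"
    low, high = rng
    return "affected" if low <= v <= high else "not affected"


def fetch_version(api_url, timeout=10):
    """Ask a live frontend for its version via apiinfo.version, which needs
    no authentication. Network call; not used in the offline demo."""
    body = json.dumps({"jsonrpc": "2.0", "method": "apiinfo.version",
                       "params": {}, "id": 1}).encode()
    req = urllib.request.Request(api_url, data=body,
                                 headers={"Content-Type": "application/json-rpc"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["result"]


def assess_fleet(versions):
    """Map hostname -> classification for an inventory of version strings."""
    return {host: assess(ver) for host, ver in versions.items()}


if __name__ == "__main__":
    inventory = {  # constructed sample inventory
        "zbx-prod": "7.0.1",
        "zbx-lab": "6.0.32rc1",
        "zbx-legacy": "6.2.9",
    }
    for host, verdict in assess_fleet(inventory).items():
        print(f"{host}: {verdict}")
```

To drive it from live hosts, replace the constructed inventory with `{host: fetch_version(f"https://{host}/api_jsonrpc.php") for host in hosts}`; the frontend path prefix may differ per installation.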

Exploit Proof of Concept (PoC)

Proof-of-concept (PoC) code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key building block for weaponization, which can lead to ransomware deployment.

News Articles

Over 5,500 suspects arrested in Interpol operation targeting cybercrime.

Rockstar phishing kit targets Microsoft 365 users. Zabbix discloses critical vulnerability.

Critical Vulnerability Found in Zabbix Network Monitoring Tool

A critical-severity vulnerability in open source enterprise network monitoring tool Zabbix could lead to full system compromise.

Zabbix urges upgrades after SQL injection bug disclosure

Open-source enterprise network and application monitoring provider Zabbix is warning customers of a new critical vulnerability that could lead to full system compromise. Tracked as CVE-2024-42327, the SQL...

References

EPSS Score

86% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • 🥇 Vulnerability reached the number 1 worldwide trending spot

  • 📈 Vulnerability started trending

  • 💰 Used in Ransomware

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Register

  • Vulnerability published

Credit

Zabbix wants to thank Márk Rákóczi (reeeeeeeeeeee) for submitting this report on the HackerOne bug bounty platform.