SQL Injection Vulnerability in Zabbix API for Non-Admin Users

CVE-2024-42327

9.9 CRITICAL

Key Information

Vendor: Zabbix
Status: Zabbix (Vendor)
CVE Published: 27 November 2024

Badges

🥇 Trended No. 1 | 📈 Trended | 📈 Score: 4,870 | 💰 Ransomware | 👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

What is CVE-2024-42327?

CVE-2024-42327 is a critical vulnerability in the Zabbix frontend, the web component of an open-source monitoring solution widely used for IT infrastructure management. The flaw is a SQL injection that can be exploited by a non-admin user account: any account whose role allows API access, including the default User role, is sufficient. Successful exploitation could lead to unauthorized data access and manipulation, jeopardizing the confidentiality and integrity of sensitive organizational information.

Technical Details

The root of CVE-2024-42327 is a SQL injection in the addRelatedObjects function of the CUser class. This function is invoked through CUser.get, an API method accessible to any user granted API access, so the weakness is reachable from low-privileged accounts rather than only from administrators (reflected in the CVSS rating of Privileges Required: Low). The flaw enables attackers to execute unauthorized SQL statements against the Zabbix database, allowing for potential data breaches or unauthorized alterations to stored data.

Impact of the Vulnerability

  1. Unauthorized Data Access: This vulnerability permits attackers with non-admin accounts to read sensitive data that their role should not allow them to view, leading to significant privacy and confidentiality breaches.

  2. Data Manipulation Risks: Exploiting this vulnerability may enable attackers to modify or delete important data within the database. Such actions could disrupt normal monitoring operations and lead to severe operational impacts.

  3. Increased Attack Surface: Because the vulnerability is reachable by non-admin users, the pool of accounts that can trigger it is much larger, increasing the risk of exploitation by malicious actors, particularly through automated scripts. This elevates the risk of data exfiltration and unauthorized control over the monitoring system.

Affected Version(s)

Zabbix <= 6.0.31

Zabbix <= 6.4.16

Zabbix <= 7.0.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Over 5,500 suspects arrested in Interpol operation targeting cybercrime.

Rockstar phishing kit targets Microsoft 365 users. Zabbix discloses critical vulnerability.

3 weeks ago

Critical Vulnerability Found in Zabbix Network Monitoring Tool

A critical-severity vulnerability in open source enterprise network monitoring tool Zabbix could lead to full system compromise.

4 weeks ago

Zabbix urges upgrades after SQL injection bug disclosure

Open-source enterprise network and application monitoring provider Zabbix is warning customers of a new critical vulnerability that could lead to full system compromise. Tracked as CVE-2024-42327, the SQL...

4 weeks ago

CVSS V3.1

Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • 🥇 Vulnerability reached the number 1 worldwide trending spot

  • 📈 Vulnerability started trending

  • 💰 Used in Ransomware

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Register

  • Vulnerability published

Collectors

NVD Database | Mitre Database | 3 Proof of Concept(s) | 3 News Article(s)

Credit

Zabbix wants to thank Márk Rákóczi (reeeeeeeeeeee) for submitting this report on the HackerOne bug bounty platform.