2024-08-12 14:03:14 +00:00
{
"id" : "CVE-2024-22123" ,
"sourceIdentifier" : "security@zabbix.com" ,
"published" : "2024-08-12T13:38:16.520" ,
2024-12-10 17:03:57 +00:00
"lastModified" : "2024-12-10T16:32:45.670" ,
"vulnStatus" : "Analyzed" ,
2024-08-12 14:03:14 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI."
2024-08-18 02:03:12 +00:00
} ,
{
"lang" : "es" ,
"value" : "La configuraci\u00f3n de medios SMS permite configurar el archivo del m\u00f3dem GSM. Posteriormente este archivo se utiliza como dispositivo Linux. Pero debido a que todo es un archivo para Linux, es posible configurar otro archivo, por ejemplo, un archivo de registro y zabbix_server intentar\u00e1 comunicarse con \u00e9l como m\u00f3dem. Como resultado, el archivo de registro se romper\u00e1 con los comandos AT y una peque\u00f1a parte del contenido del archivo de registro se filtrar\u00e1 a la interfaz de usuario."
2024-08-12 14:03:14 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "security@zabbix.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 2.7 ,
"baseSeverity" : "LOW" ,
2024-08-12 14:03:14 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "LOW" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2024-08-12 14:03:14 +00:00
} ,
"exploitabilityScore" : 1.2 ,
"impactScore" : 1.4
2024-12-10 17:03:57 +00:00
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" ,
"baseScore" : 2.7 ,
"baseSeverity" : "LOW" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "NONE"
} ,
"exploitabilityScore" : 1.2 ,
"impactScore" : 1.4
2024-08-12 14:03:14 +00:00
}
]
} ,
"weaknesses" : [
{
"source" : "security@zabbix.com" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-94"
}
]
2024-12-10 17:03:57 +00:00
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-94"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.0.0" ,
"versionEndIncluding" : "5.0.42" ,
"matchCriteriaId" : "D5950D0D-9DFF-4B36-9AAF-43CBCEFE7101"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.0.0" ,
"versionEndIncluding" : "6.0.30" ,
"matchCriteriaId" : "D1D26F5C-A94F-4273-81D7-7DDF7541C3E7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.4.0" ,
"versionEndIncluding" : "6.4.15" ,
"matchCriteriaId" : "E0DA6900-EB3E-4867-BD97-243686EECADD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*" ,
"matchCriteriaId" : "93EB5757-7F98-4428-9616-C30A647A6612"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*" ,
"matchCriteriaId" : "DA00BDB5-433F-44E5-87AC-DA01C64B5DB3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*" ,
"matchCriteriaId" : "98C46C92-9D86-45CD-88FE-DFBB5502BB88"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha4:*:*:*:*:*:*" ,
"matchCriteriaId" : "B568E6DD-A6D1-4402-BB40-7DA2596A5BC8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha5:*:*:*:*:*:*" ,
"matchCriteriaId" : "B9C3673B-8459-4C63-8E90-724D1D42A8BB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha6:*:*:*:*:*:*" ,
"matchCriteriaId" : "7C9F6957-7526-4852-A579-DE556DBFAA97"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha7:*:*:*:*:*:*" ,
"matchCriteriaId" : "81A7A191-93DE-4C5D-963E-E8890FF7AACA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha8:*:*:*:*:*:*" ,
"matchCriteriaId" : "AEE202D5-3C88-43A5-9328-FC78D0B9B8CF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha9:*:*:*:*:*:*" ,
"matchCriteriaId" : "F88BFB75-7951-47D5-941F-3839E9E31FFA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:beta1:*:*:*:*:*:*" ,
"matchCriteriaId" : "8216247E-C160-4D2C-906E-9D8CD731B5C2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:beta2:*:*:*:*:*:*" ,
"matchCriteriaId" : "06548219-0DC3-4B5B-85D1-B1EE0FA30CD2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:beta3:*:*:*:*:*:*" ,
"matchCriteriaId" : "4D23985B-2F4D-41F6-B9D6-7B184FC7E447"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:rc1:*:*:*:*:*:*" ,
"matchCriteriaId" : "97964B9B-6A5E-4547-8886-E81B0849A876"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zabbix:zabbix:7.0.0:rc2:*:*:*:*:*:*" ,
"matchCriteriaId" : "40992B5F-0D83-4D5C-9188-E84C369FF92F"
}
]
}
]
2024-08-12 14:03:14 +00:00
}
] ,
"references" : [
{
"url" : "https://support.zabbix.com/browse/ZBX-25013" ,
2024-12-10 17:03:57 +00:00
"source" : "security@zabbix.com" ,
"tags" : [
"Vendor Advisory"
]
2024-08-12 14:03:14 +00:00
}
]
}
