CVE-2023-32727

Опубликовано: 18 дек. 2023

Источник: debian

EPSS Низкий

Описание

An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
zabbix	fixed	1:6.0.23+dfsg-1		package
zabbix	ignored		bookworm	package
zabbix	not-affected		buster	package

Примечания

https://support.zabbix.com/browse/ZBX-23857
https://github.com/zabbix/zabbix/commit/93e090592fc6de7ec5d3d42c1bb9074ad1f3ba34 (6.0.23rc1)
https://github.com/zabbix/zabbix/commit/610f9fdbb86667f4094972547deb936c6cdfc6d5 (6.0.23rc1)
introduced in https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/57abe5a1f2c208d05cc59029026098c2f13ed464 (4.4.0alpha3)

EPSS

Процентиль: 64%

0.00464

Низкий

Связанные уязвимости

CVE-2023-32727

CVSS3: 6.8

ubuntu

больше 2 лет назад

An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.

CVE-2023-32727

CVSS3: 6.8

nvd

больше 2 лет назад

An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.

openSUSE-SU-2023:0419-1

suse-cvrf

около 2 лет назад

Security update for zabbix

openSUSE-SU-2023:0418-1

suse-cvrf

около 2 лет назад

Security update for zabbix

GHSA-8h32-vcmm-pcx8

CVSS3: 7.2

github

больше 2 лет назад

An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.

EPSS

Процентиль: 64%

0.00464

Низкий