Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-42332

Опубликовано: 27 нояб. 2024
Источник: debian
EPSS Низкий

Описание

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
zabbixfixed1:7.0.5+dfsg-1package

Примечания

  • https://support.zabbix.com/browse/ZBX-25628

  • Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e2982fbe05fe0a232c3fd71f2a3426a0bf400f77 (7.0.5rc1)

  • Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/c539a227623343187d9907186bce7c9c3bc57a52 (6.0.35rc1)

EPSS

Процентиль: 23%
0.00074
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-42332

CVSS3: 3.7
ubuntu
7 месяцев назад

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.

nvd логотип

CVE-2024-42332

CVSS3: 3.7
nvd
7 месяцев назад

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.

github логотип

GHSA-phjj-9p2g-26h9

CVSS3: 3.7
github
7 месяцев назад

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.

fstec логотип

BDU:2024-10773

CVSS3: 3.7
fstec
7 месяцев назад

Уязвимость демона snmptrapd универсальной системы мониторинга Zabbix, позволяющая нарушителю осуществить подмену пользовательского интерфейса

redos логотип

ROS-20250326-08

CVSS3: 9.1
redos
3 месяца назад

Множественные уязвимости zabbix7-lts-server-pgsql

EPSS

Процентиль: 23%
0.00074
Низкий