Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-42332

Опубликовано: 27 нояб. 2024
Источник: debian
EPSS Низкий

Описание

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
zabbixfixed1:7.0.5+dfsg-1package

Примечания

  • https://support.zabbix.com/browse/ZBX-25628

  • Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e2982fbe05fe0a232c3fd71f2a3426a0bf400f77 (7.0.5rc1)

  • Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/c539a227623343187d9907186bce7c9c3bc57a52 (6.0.35rc1)

EPSS

Процентиль: 30%
0.00111
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-42332

CVSS3: 3.7
ubuntu
10 месяцев назад

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.

nvd логотип

CVE-2024-42332

CVSS3: 3.7
nvd
10 месяцев назад

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.

github логотип

GHSA-phjj-9p2g-26h9

CVSS3: 3.7
github
10 месяцев назад

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.

fstec логотип

BDU:2024-10773

CVSS3: 3.7
fstec
10 месяцев назад

Уязвимость демона snmptrapd универсальной системы мониторинга Zabbix, позволяющая нарушителю осуществить подмену пользовательского интерфейса

redos логотип

ROS-20250326-08

CVSS3: 9.1
redos
6 месяцев назад

Множественные уязвимости zabbix7-lts-server-pgsql

EPSS

Процентиль: 30%
0.00111
Низкий