Details
-
Patch request
-
Status: Closed
-
Trivial
-
Resolution: Declined
-
None
-
None
-
None
-
None
-
Appliance
Description
Hello,
In the scripts menu in administration page, the app aven't got any filter at all.
It's possible for an user with suffisant right to make Zabbix app act like an C&C and get a shell in any host he whant. That's not very secure .
I found many of zabbix servers with the nmap binnary accessible in sudo without password for the zabbix user. Result a reverse shell by the script lunched in the app on the host and a privilege escalation with the common exploitation of nmap with a crafted NSE script lunched as root (sudo) to have a root shell on the instance.