- Defect (Security)
- Resolution: Fixed
- Minor
| Mitre ID | CVE-2023-32727 |
| CVSS score | 6.8 |
| CVSS vector | https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
| Severity | Medium |
| Summary | icmpping() code execution vulnerability |
| Description | An attacker who has the privilege to configure Zabbix items can use the icmpping() function with an additional malicious command inside it to execute arbitrary code on the current Zabbix server. |
| Common Weakness Enumeration (CWE) | CWE-20 Improper Input Validation |
| Common Attack Pattern Enumeration and Classification (CAPEC) | CAPEC-248 Command Injection |
| Known attack vectors | This vulnerability can lead to command injection |
| Patch provided | No |
| Component/s | Server |
| Affected version/s and fix version/s | 4.0.0 - 4.0.49 / 4.0.50; 5.0.0 - 5.0.38 / 5.0.39; 6.0.0 - 6.0.22 / 6.0.23rc1; 6.4.0 - 6.4.7 / 6.4.8rc1; 7.0.0alpha0 - 7.0.0alpha6 / 7.0.0alpha7 |
| Fix compatibility tests | - |
| Resolution | Fixed |
| Workarounds | - |
| Acknowledgements | This vulnerability was reported on the HackerOne bounty hunter platform by Philippe Antoine (catenacyber) |
- is duplicated by
  - ZBX-24244 A few simple check items became unavailable if only one fping fails (Closed)