- Defect (Security)
- Resolution: Fixed
- Minor
- 5.0.42, 6.0.30, 6.4.15, 7.0.0rc2
- None
| Field | Value |
|---|---|
| Mitre ID | CVE-2024-22121 |
| CVSS score | 6.1 |
| CVSS vector | https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L |
| Severity | Medium |
| Summary | Zabbix Agent MSI Installer Allows Non-Admin User to Access Change Option via msiexec.exe |
| Description | A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application. |
| Common Weakness Enumeration (CWE) | CWE-281 Improper Preservation of Permissions |
| Common Attack Pattern Enumeration and Classification (CAPEC) | CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels |
| Known attack vectors | This vulnerability can allow a non-admin user to change or remove important features (e.g. removing the Zabbix Agent service) within the application, thus impacting the integrity and availability of the application. |
| Details | Zabbix Agent is already installed on the target machine. The attacker (a non-admin user) wants to modify certain features of the Zabbix Agent but normally cannot, because the regular installer requires Administrator privileges. To circumvent this, the attacker runs the application's MSI installer with the msiexec.exe /i command and reaches the Change option without Administrator privileges. In the reported case, the attacker then removed the Zabbix Agent service from the system. |
| Patch provided | No |
| Component/s | Agent |
| Affected and fixed version/s | 5.0.0 - 5.0.42 / fixed in 5.0.43rc1; 6.0.0 - 6.0.30 / fixed in 6.0.31rc1; 6.4.0 - 6.4.15 / fixed in 6.4.16rc1; 7.0.0alpha1 - 7.0.0rc2 / fixed in 7.0.0rc3 |
| Fix compatibility tests | - |
| Resolution | Fixed |
| Workarounds | - |
| Acknowledgements | Zabbix wants to thank gee-netics, who submitted this report via the HackerOne bug bounty platform |
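A defender-side check for this advisory, added here as an example and not part of the Zabbix report or the Zabbix code base. It does two things: it lists installed Zabbix Agent packages and marks them affected or not using the version ranges from the table above, and it pulls Windows Installer maintenance events for the agent (MsiInstaller event 1034, product removed, and 1035, product reconfigured, in the Application log) and flags those whose recorded user is not a direct member of the local Administrators group, which is the trace a non-admin use of the Change/Remove path would leave. The product name match on "Zabbix Agent", the registry Uninstall paths, the assumption that MsiInstaller records the acting user's SID, and the use of `Get-LocalGroupMember` are assumptions about a standard Windows host, not details taken from the advisory.

```powershell
# Added example for CVE-2024-22121; not Zabbix's code.
# Assumptions (not stated in the advisory): the installer entry has a
# DisplayName starting with "Zabbix Agent"; MsiInstaller writes 1034/1035 to
# the Application log with the acting user's SID; Administrators = S-1-5-32-544.

function Test-ZabbixAgentAffected {
    # $true/$false per the advisory's version table, $null if unparsable.
    param([Parameter(Mandatory)][string]$DisplayVersion)

    if ($DisplayVersion -notmatch '^(\d+\.\d+\.\d+)(.*)$') { return $null }
    $v   = [version]$Matches[1]
    $pre = $Matches[2].Trim()

    # 7.0.0alpha1 .. 7.0.0rc2 are affected; 7.0.0rc3 and later are fixed.
    if ($v -eq [version]'7.0.0' -and $pre -match '^(alpha|beta|rc)(\d+)$') {
        $rank  = @{ alpha = 0; beta = 1; rc = 2 }
        $stage = $rank[$Matches[1]]
        $n     = [int]$Matches[2]
        return (($stage -lt 2) -or ($n -le 2))
    }

    # 5.0.0-5.0.42, 6.0.0-6.0.30, 6.4.0-6.4.15 are affected
    # (first fixed: 5.0.43rc1, 6.0.31rc1, 6.4.16rc1).
    $ranges = @(
        @{ Min = [version]'5.0.0'; Max = [version]'5.0.42' },
        @{ Min = [version]'6.0.0'; Max = [version]'6.0.30' },
        @{ Min = [version]'6.4.0'; Max = [version]'6.4.15' }
    )
    foreach ($r in $ranges) {
        if ($v -ge $r.Min -and $v -le $r.Max) { return $true }
    }
    return $false
}

function Get-ZabbixAgentMsiMaintenanceEvent {
    # Direct members of the local Administrators group, by SID (nested domain
    # groups are not expanded, so treat ByAdmin=$false as "needs a look").
    $adminSids = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        ForEach-Object { $_.SID.Value }

    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'MsiInstaller'
        Id           = 1034, 1035      # 1034 = removed, 1035 = reconfigured
    } -ErrorAction SilentlyContinue |
      Where-Object { $_.Message -like '*Zabbix Agent*' } |
      ForEach-Object {
        $sid    = if ($_.UserId) { $_.UserId.Value } else { $null }
        $action = if ($_.Id -eq 1034) { 'Removed' } else { 'Reconfigured' }
        $line   = ($_.Message -split "`r?`n")[0]
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Action  = $action
            UserSid = $sid
            ByAdmin = [bool]($sid -and ($adminSids -contains $sid))
            Message = $line
        }
      }
}

# 1) Installed Zabbix Agent packages and whether they fall in an affected range.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Zabbix Agent*' } |
    Select-Object DisplayName, DisplayVersion,
        @{ Name = 'Affected'; Expression = { Test-ZabbixAgentAffected $_.DisplayVersion } }

# 2) Maintenance-mode actions on the agent not attributable to an administrator.
Get-ZabbixAgentMsiMaintenanceEvent |
    Where-Object { -not $_.ByAdmin } |
    Format-Table -AutoSize
```

Reading the Application log and the local group membership does not require elevation, so the script can be run as a standard user. An event with `ByAdmin` false is either a non-admin maintenance action of the kind the advisory describes or an administrator reached only through a nested domain group, so confirm group membership before escalating. Installs on a fixed version should show an `Affected` value of `False`; on those versions the Change path requires elevation again, but the event history of earlier changes remains worth reviewing.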