CVE-2017-2826 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 49%

Affected Products (NVD)

Vendor	Product	Version
zabbix	zabbix	2.4.0
zabbix	zabbix	2.4.0:rc1
zabbix	zabbix	2.4.0:rc2
zabbix	zabbix	2.4.0:rc3
zabbix	zabbix	2.4.1
zabbix	zabbix	2.4.1:rc1
zabbix	zabbix	2.4.1:rc2
zabbix	zabbix	2.4.2
zabbix	zabbix	2.4.2:rc1
zabbix	zabbix	2.4.3
zabbix	zabbix	2.4.3:rc1
zabbix	zabbix	2.4.4
zabbix	zabbix	2.4.4:rc1
zabbix	zabbix	2.4.5
zabbix	zabbix	2.4.5:rc1
zabbix	zabbix	2.4.6
zabbix	zabbix	2.4.6:rc1
zabbix	zabbix	2.4.7
zabbix	zabbix	2.4.7:rc1
zabbix	zabbix	2.4.8
zabbix	zabbix	2.4.8:rc1
zabbix	zabbix	2.4.9
zabbix	zabbix	2.4.9:rc1
debian	debian_linux	8.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

zabbix

bookworm	1:6.0.14+dfsg-1 fixed
bullseye	1:5.0.8+dfsg-1 fixed
bullseye (security)	1:5.0.44+dfsg-1+deb11u1 fixed
jessie	ignored
sid	1:7.0.5+dfsg-1 fixed
stretch	ignored
trixie	1:7.0.3+dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

zabbix

artful	ignored
bionic	not-affected
cosmic	not-affected
disco	not-affected
eoan	not-affected
focal	not-affected
groovy	not-affected
hirsute	not-affected
impish	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	dne
trusty	needed
xenial	needed

Known Exploits!

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

https://lists.debian.org/debian-lts-announce/2019/03/msg00010.html

https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327

https://lists.debian.org/debian-lts-announce/2019/03/msg00010.html

https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327