CVE-2024-22122

EUVD-2024-19718
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3 LOW
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
ZabbixCNA
3 LOW
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
zabbixzabbix
5.0.0 ≤
𝑥
≤ 5.0.42
zabbixzabbix
6.0.0 ≤
𝑥
≤ 6.0.30
zabbixzabbix
6.4.0 ≤
𝑥
≤ 6.4.15
zabbixzabbix
7.0.0:alpha1
zabbixzabbix
7.0.0:alpha2
zabbixzabbix
7.0.0:alpha3
zabbixzabbix
7.0.0:alpha4
zabbixzabbix
7.0.0:alpha5
zabbixzabbix
7.0.0:alpha6
zabbixzabbix
7.0.0:alpha7
zabbixzabbix
7.0.0:alpha8
zabbixzabbix
7.0.0:alpha9
zabbixzabbix
7.0.0:beta1
zabbixzabbix
7.0.0:beta2
zabbixzabbix
7.0.0:beta3
zabbixzabbix
7.0.0:rc1
zabbixzabbix
7.0.0:rc2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zabbix
bookworm
vulnerable
bullseye
vulnerable
bullseye (security)
1:5.0.46+dfsg-1+deb11u1
fixed
sid
1:7.0.10+dfsg-2
fixed
trixie
1:7.0.10+dfsg-2
fixed
Common Weakness Enumeration
References
https://support.zabbix.com/browse/ZBX-25012
https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html