CVE-2024-36466 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Zabbix	CNA	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Vendor	Product	Version
zabbix	zabbix	6.0.0 ≤ 𝑥 < 6.0.32
zabbix	zabbix	6.4.0 ≤ 𝑥 < 6.4.17
zabbix	zabbix	7.0.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

zabbix

bullseye	1:5.0.8+dfsg-1 not-affected
bullseye (security)	1:5.0.46+dfsg-1+deb11u1 fixed
bookworm	vulnerable
forky	1:7.0.10+dfsg-2 fixed
sid	1:7.0.10+dfsg-2 fixed
trixie	1:7.0.10+dfsg-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

zabbix

plucky	not-affected
oracular	not-affected
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

Common Weakness Enumeration

CWE-290 - Authentication Bypass by Spoofing
This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

References

https://support.zabbix.com/browse/ZBX-25635