CVE-2017-2826

LOW

Zabbix 2.4.X - Information Disclosure via iConfig Proxy Request

Title source: llm

Description

An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/03/msg00010.html

Scores

CVSS v3 3.7
EPSS 0.0339
EPSS Percentile 87.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (11)
debian/debian_linux 8.0
zabbix/zabbix 2.4.0 (4 CPE variants)
zabbix/zabbix 2.4.1 (3 CPE variants)
zabbix/zabbix 2.4.2 (2 CPE variants)
zabbix/zabbix 2.4.3 (2 CPE variants)
zabbix/zabbix 2.4.4 (2 CPE variants)
zabbix/zabbix 2.4.5 (2 CPE variants)
zabbix/zabbix 2.4.6 (2 CPE variants)
zabbix/zabbix 2.4.7 (2 CPE variants)
zabbix/zabbix 2.4.8 (2 CPE variants)
... and 1 more
Published Apr 09, 2018
Tracked Since Feb 18, 2026