CVE-2024-22123

LOW

Zabbix 5.0.0-5.0.41 - Arbitrary File Write via SMS Media GSM Modem File Setting

Title source: llm

Description

Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI.

References (2)

Core 2

Core References

Vendor Advisory

https://support.zabbix.com/browse/ZBX-25013

Mailing List

https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html

Scores

CVSS v3 2.7

EPSS 0.0057

EPSS Percentile 43.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-94

Status published

Products (2)

zabbix/zabbix 7.0.0 alpha1 (14 CPE variants)

zabbix/zabbix 5.0.0 - 5.0.42

Published Aug 12, 2024

Tracked Since Feb 18, 2026