Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://support.zabbix.com/browse/ZBX-25013 |
History
Fri, 09 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 09 Aug 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
Fri, 09 Aug 2024 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI. | |
Title | Zabbix Arbitrary File Read | |
Weaknesses | CWE-94 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Zabbix
Published: 2024-08-09T10:57:08.143Z
Updated: 2024-08-09T14:41:24.330Z
Reserved: 2024-01-05T07:44:01.395Z
Link: CVE-2024-22123
Vulnrichment
Updated: 2024-08-09T14:41:10.754Z
NVD
Status : Awaiting Analysis
Published: 2024-08-12T13:38:16.520
Modified: 2024-08-12T13:41:36.517
Link: CVE-2024-22123
Redhat
No data.