Warning: Critical SQL Injection vulnerability in multiple Zabbix frontend versions can lead to privilege escalation, Patch Immediately!

Published: 29/11/2024
Reference: Advisory #2024-279
Version: 1.0
Affected software: Zabbix frontend versions 6.0.0 - 6.0.31, 6.4.0 - 6.4.16, and 7.0.0
Type: SQL Injection
CVE/CVSS: CVE-2024-42327 - 9.9 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Sources
Zabbix - https://support.zabbix.com/browse/ZBX-25623
NIST NVD - https://nvd.nist.gov/vuln/detail/CVE-2024-42327

Risks
The Zabbix frontend is the web interface of a monitoring platform that tracks numerous parameters of a network and the health and integrity of servers, virtual machines, applications, services, databases, websites, cloud resources, etc. A 9.9 critical vulnerability exists in versions 6.0.0 - 6.0.31, 6.4.0 - 6.4.16, and 7.0.0. If left unpatched, affected installations are vulnerable to SQL injection attacks with a possible high impact on the confidentiality, integrity and availability of systems and data.

CVE-2024-42327 is fixed by updating to versions 6.0.32rc1, 6.4.17rc1, and 7.0.1rc1. No information is available that the vulnerability is being actively exploited.

Description
CVE-2024-42327 is an 'Improper Neutralization of Special Elements used in an SQL Command' type vulnerability, also known as 'SQL Injection'. If exploited successfully, an attacker can escalate privileges to a higher level and achieve further, as yet unknown, impact. The vulnerability is reachable by non-admin users with default user roles, or by any role with API access.

More specifically, the vulnerability exists in the CUser class, in the addRelatedObjects function, which is called from the CUser.get function. The latter is available to every user with API access.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion. In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References
Zabbix - https://www.zabbix.com/manuals
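As an added example, not part of this advisory or of Zabbix's own code, the following Python check maps a reported frontend version onto the affected ranges listed above, treating the rc builds named as fixes as patched. The version string is assumed to come from the reply of the Zabbix JSON-RPC method apiinfo.version (callable without authentication); the reply format is an assumption and the sample reply is constructed.

```python
import json
import re

# Affected ranges (inclusive) and first fixed release per branch,
# taken from the advisory text for CVE-2024-42327.
AFFECTED = {
    (6, 0): ((6, 0, 0), (6, 0, 31), "6.0.32rc1"),
    (6, 4): ((6, 4, 0), (6, 4, 16), "6.4.17rc1"),
    (7, 0): ((7, 0, 0), (7, 0, 0), "7.0.1rc1"),
}

# Zabbix versions look like "6.0.31" or "6.0.32rc1"; the optional
# pre-release tag does not change which patch level the build belongs to.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(?:rc|alpha|beta)\d+)?$")


def parse_version(text):
    """Return the numeric (major, minor, patch) triple of a version string."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(version):
    """Classify a frontend version against the advisory's affected ranges.

    Returns (status, first_fixed); status is "vulnerable", "fixed" or
    "not-listed" (a branch the advisory does not mention, e.g. 5.0 or 6.2).
    """
    triple = parse_version(version)
    branch = triple[:2]
    if branch not in AFFECTED:
        return ("not-listed", None)
    low, high, fixed = AFFECTED[branch]
    if low <= triple <= high:
        return ("vulnerable", fixed)
    return ("fixed", fixed)


def version_from_apiinfo_reply(reply_text):
    """Extract the version from a JSON-RPC reply to apiinfo.version.

    Assumed reply shape: {"jsonrpc": "2.0", "result": "<version>", "id": n}.
    """
    reply = json.loads(reply_text)
    if "error" in reply:
        raise RuntimeError(f"API error: {reply['error']}")
    return reply["result"]
```

An inventory script can feed each frontend's apiinfo.version reply through version_from_apiinfo_reply and then assess to list the installations that still need the update.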
A critical SQL injection vulnerability (CVE-2024-42327) in the