Security News

Cybersecurity news aggregator


CVE-2024-42327: Zabbix Server SQL Injection Vulnerability

CVE-2024-42327 is a critical SQL injection vulnerability in the `

Author: Sangfor Technologies
Published Date: 28 Nov 2024
Last Modified Date: 16 Dec 2024
Tag: Cyber Security

About the Vulnerability

Introduction

Zabbix is a web-based, enterprise-class open-source solution for distributed system monitoring and network monitoring.

Summary

On November 28, 2024, Sangfor FarSight Labs received notification that a Zabbix component contains an SQL injection vulnerability (CVE-2024-42327), classified as critical in threat level.

The addRelatedObjects function in Zabbix contains a severe vulnerability that allows attackers with only read access to execute arbitrary SQL statements and arbitrary code, potentially leading to server compromise.

Affected Versions

6.0.0 ≤ Zabbix < 6.0.32rc1
6.4.0 ≤ Zabbix < 6.4.17rc1
Zabbix 7.0.0

Solutions

Remediation Solution

Check the System Version

The version of the current server is usually displayed at the bottom of the Zabbix home page.

Official Solution

The latest versions have been officially released to fix the vulnerability. Affected users are recommended to update Zabbix to one of the following versions:

Zabbix 6.0.32rc1
Zabbix 6.4.17rc1
Zabbix 7.0.1rc1

Download link: https://www.zabbix.com/download

Sangfor Solutions

Risky Assets Detection

Support is provided for proactive detection of the Zabbix monitoring system, and assets affected by this event can be identified in batches in business scenarios. Related products are as follows:

[Sangfor CWPP] has released an asset detection scheme, with Fingerprint ID: 0000013.
[Sangfor Host Security] has released an asset detection scheme, with Fingerprint ID: 0000013.

Timeline

On November 28, 2024, Sangfor FarSight Labs received notification of the Zabbix Server SQL Injection Vulnerability.
On November 28, 2024, Sangfor FarSight Labs released a vulnerability alert.
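The version check described under Remediation Solution can be run across an inventory. The following is an added example, not code from Sangfor or the Zabbix project: it compares version strings against the affected ranges listed above, treating a release candidate as older than its final release. The host names, the sample inventory, and the assumed version format (MAJOR.MINOR.PATCH with an optional alphaN/betaN/rcN suffix) are assumptions.

```python
import re

# Ranges copied from the advisory: (lower bound inclusive, upper bound exclusive).
AFFECTED_RANGES = [("6.0.0", "6.0.32rc1"), ("6.4.0", "6.4.17rc1")]
AFFECTED_EXACT = ["7.0.0"]

# Assumed version format: MAJOR.MINOR.PATCH with an optional alphaN/betaN/rcN suffix.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?$")
# A final release (no suffix) sorts after all of its pre-releases.
_STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}


def parse(version):
    """Turn a version string into a tuple that compares in release order."""
    m = _VERSION.match(version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, stage, n = m.groups()
    return (int(major), int(minor), int(patch), _STAGE[stage], int(n or 0))


def is_affected(version):
    """True if the version falls in a range or exact version listed by the advisory."""
    v = parse(version)
    if any(v == parse(exact) for exact in AFFECTED_EXACT):
        return True
    return any(parse(lo) <= v < parse(hi) for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not listed' or 'unknown' (unparseable version)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not listed"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = {
    "mon-01": "6.0.31", "mon-02": "6.0.32rc1", "mon-03": "6.4.16",
    "mon-04": "7.0.0", "mon-05": "7.0.1rc1", "mon-06": "unknown build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

"not listed" means only that the version is outside the ranges this advisory states; hosts reported as "unknown" need a manual version check.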
References

https://support.zabbix.com/browse/ZBX-25623
