About Stormshield Join us Contact EN OUR DIFFERENCE OUR SOLUTIONS & PRODUCTS Aviation Public Administration and Government Critical communication Defense and Military Organizations Water Industry Facility Management & Warehouse Electric utilities Navy Health and Healthcare Facilities Land transport MSSPs and Other Service Providers OUR SUPPORT PARTNER NEWS Summary Initial vector attack of the Zabbix vulnerability Technical details of the Zabbix vulnerability Attack modelling with MITRE ATT&CK How to protect against the Zabbix vulnerability with Stormshield Network Security Security alert Zabbix CVE-2024-22116: Stormshield Products Response Published on: 20 08 2024 Author: Stormshield Customer Security Lab < 1 minute A new critical Remote Code Execution (RCE) vulnerability impacting Zabbix has been reported. It has been assigned the reference CVE-2024-22116 and a CVSS 3.1 score of 9.9. The Stormshield Customer Security Lab details our protection offerings. This vulnerability impacts the following versions of the product: 4.0 to 6.4.15 ; 0.0 Alpha 1 to 7.0.0 RC2. Initial vector attack of the Zabbix vulnerability This vulnerability allows an administrator with limited permissions to initiate a remote code execution on the Zabbix server. This could be used to deploy a remote shell in order to gain control of the server or dump all the user’s passwords of the platform. Technical details of the Zabbix vulnerability The underlying API of GeoServer does not include security checks on specific values of some parameters. This can lead to a java code interpretation sent through HTTP requests. This code will be executed using the execution context of the GeoServer server. Attack modelling with MITRE ATT&CK MITRE ATT&CK T1068 (Exploitation for Privilege Escalation) T1203 (Exploitation for Client Execution) CWE CWE-94 Improper Control of Generation of Code ('Code Injection') How to protect against the Zabbix vulnerability with Stormshield Network Security Protection against CVE-2024-22116 Stormshield Network Security (SNS) firewalls detect and block exploitation of CVE-2024-22116 with the protocol inspection: http:client:data.180: Exploitation of a RCE in Zabbix (CVE-2024-22116) Confidence index for the protection offered by Stormshield Confidence index for the absence of false positives Recommandations regarding the Zabbix vulnerability It is recommended to update the Zabbix application to one of the following versions: 6.4.16 RC1 or above ; 7.0.0 RC3 or above. TAGS : CYBERSECURITY - BY STORMSHIELD Need more information about Stormshield protection? The Technical Support teams are at your disposal to help you. Contact them through the incident manager located in the MyStormshield private area. To access it, select the menu "Technical Support / Report an incident / Track an incident". MYSTORMSHIELD Stormshield's Cyber Threat Intelligence team has two primary missions: to study cyber threats to understand them and to continuously improve Stormshield product protections. All with the goal of contributing to the cybersecurity community's effort to address cyber threats. STORMSHIELD THREAT INTELLIGENCE About the author Stormshield Customer Security Lab Last articles Security alert CVE-2026-21858 : Stormshield Products Response 19 01 2026 Security alert Redis CVE-2025-49844: Stormshield Products Response 30 10 2025 Security alert Fortra CVE-2025-10035: Stormshield Products Response 26 09 2025 See all articles from Alert Read more TECHNICAL POSTS 09 02 2026 Investigation on the EmEditor Supply Chain attack ALERT 19 01 2026 Security alert CVE-2026-21858 : Stormshield Products Response PRODUCTS & SERVICES 18 12 2025 With the TEMPEST classification, Stormshield reaffirms its commitment to digital sovereignty and strategic autonomy PRODUCTS Stormshield XDR Stormshield Network Security Stormshield Endpoint Security Stormshield Data Security SLS Logpoint Stormshield Management Center Certified and qualified products Datasheets Customer cases Advisories Stormshield PARTNER NETWORK Partner finder Apply for a partnership MyStormshield SERVICES Technical Support Professional Services Training calendar Threat Intelligence Stormshield Academy Technical Documentation Marketing documentation Security Portal ABOUT US Teams Backstage News Websites Sales team +33 (0)9 69 32 96 29 SEND US YOUR REQUEST Follow us Legal notice Standard Terms and Conditions of Sale and Service Personal data Configure your cookies A cookie is a small file that is transferred to the hard drive of your computer or mobile device when you visit a website. The cookie is then accessible by the originating website, which recognises the cookie on each subsequent visit. Cookies are used for a variety of purposes, such as remembering your preferences, supporting user authentication, or collecting information about the number of users visiting the website. Cookies that are not technically necessary for the proper functioning of our site can be set and disabled by clicking on "Set my cookies" below. View our cookie policy Consents certified by Deny all Set my cookies Accept all Axeptio consent Consent Management Platform: Personalize Your Options Our platform empowers you to tailor and manage your privacy settings, ensuring compliance with regulations. Customize your preferences to control how your information is handled.