Zabbix, a widely used network monitoring tool in corporate IT infrastructure globally, is susceptible to SQL injection attacks. The vulnerability, identified as CVE-2024-22120, affects all versions from 6.0 onwards and can potentially lead to remote code execution. The researcher who discovered the flaw has already published a proof-of-concept exploit, suggesting that exploitation may occur imminently.
ZABBIX SQL VULNERABILITY
On May 17, 2024, a severe vulnerability was disclosed in Zabbix. In February, researcher Maxim Tyukov had detailed the flaw on the developers’ support page. Zabbix assigned it a CVSS score of 9.1; a rating from NVD/NIST is still pending. The report emphasizes the potential damage from successful exploitation.
The report indicates that exploiting the flaw is straightforward. Attackers only need a low-privileged account and access to a single host to run an exploit script.
By manipulating values related to the account’s login session, the attacker can execute the exploit. It operates with a slight delay between actions to avoid detection, but within about 10 minutes, the attacker gains access to the entire database.
Because of how Zabbix stores its data, the information an SQL injection can expose is not highly sensitive in itself. It does, however, reveal details such as server identifiers, their load, and their status, which is a useful starting point for planning an attack.
With this information, attackers can target specific servers or entire systems. If the exploit succeeds, it can lead to remote code execution, which is among the most serious outcomes a vulnerability can have.
AFFECTED VERSIONS
The original research identifies numerous Zabbix versions vulnerable to exploitation. CVE-2024-22120 affects versions from 6.0.0 onwards, including certain beta versions of the latest 7.0 release. See the table below for details:
| Vulnerable versions | Fixed in |
|---|---|
| 6.0.0 – 6.0.27 | 6.0.28rc1 |
| 6.4.0 – 6.4.12 | 6.4.13rc1 |
| 7.0.0alpha1 – 7.0.0beta1 | 7.0.0beta2 |
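As an added example (not code from the article or from the Zabbix project), the script below turns the table into a version check a defender can run against an inventory of Zabbix servers. It parses Zabbix version strings including alpha, beta and rc tags, assuming the ordering alpha < beta < rc < final release that the table's "fixed in" entries imply, and reports which hosts fall inside a listed vulnerable range and which release they should move to. A version that is not in any listed range returns None, meaning "not in the table", not "confirmed safe". The inventory at the bottom is constructed sample data.

```python
"""Check Zabbix version strings against the CVE-2024-22120 ranges in the
article's table. Added example; not part of the article or of Zabbix."""
import re
from typing import Dict, Optional, Tuple

# Pre-release ordering assumed from the table: alpha < beta < rc < final release.
_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL_RANK = 3

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn '6.0.28rc1' into a comparable tuple (6, 0, 28, 2, 1).

    A final release gets the highest pre-release rank, so that
    6.0.28 sorts after 6.0.28rc1 and 7.0.0 after 7.0.0beta2.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4):
        return (major, minor, patch, _PRE_RANK[m.group(4)], int(m.group(5)))
    return (major, minor, patch, _FINAL_RANK, 0)


# (first vulnerable, last vulnerable, fixed in), copied from the article's table.
AFFECTED_RANGES = [
    ("6.0.0", "6.0.27", "6.0.28rc1"),
    ("6.4.0", "6.4.12", "6.4.13rc1"),
    ("7.0.0alpha1", "7.0.0beta1", "7.0.0beta2"),
]


def fixed_version_for(version: str) -> Optional[str]:
    """Return the 'fixed in' release if `version` lies in a listed vulnerable
    range, otherwise None (the version is simply not in the table)."""
    v = parse_version(version)
    for first, last, fixed in AFFECTED_RANGES:
        if parse_version(first) <= v <= parse_version(last):
            return fixed
    return None


def hosts_needing_upgrade(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host whose version is in a vulnerable range to the release
    it should be upgraded to. Unparsable versions are reported as such so
    they are not silently skipped."""
    findings: Dict[str, str] = {}
    for host, version in inventory.items():
        try:
            fixed = fixed_version_for(version)
        except ValueError:
            findings[host] = "UNPARSABLE VERSION: review manually"
            continue
        if fixed is not None:
            findings[host] = f"upgrade to {fixed} or later"
    return findings


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample_inventory = {
        "zbx-prod-01": "6.0.27",
        "zbx-prod-02": "6.0.28rc1",
        "zbx-lab-01": "7.0.0beta1",
        "zbx-lab-02": "7.0.0beta2",
        "zbx-old-01": "6.4.12",
        "zbx-weird-01": "6.4.x",
    }
    for host, action in hosts_needing_upgrade(sample_inventory).items():
        print(f"{host}: {action}")
```

The check is deliberately strict about version syntax: a string it cannot parse is surfaced for manual review rather than treated as clean, since a silent skip is exactly how a vulnerable host stays off the upgrade list.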