CVE-2024-22123

Name
CVE-2024-22123
Description
Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI.
NVD Severity
low
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://support.zabbix.com/browse/ZBX-25013

Match rules

CPE URI Source package Min version Max version
zabbix >= 5.0.0 <= 5.0.42
zabbix >= 6.0.0 <= 6.0.30
zabbix >= 6.4.0 <= 6.4.15
zabbix >= 7.0.0alpha1 <= 7.0.0rc2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status