CVE-2024-42332

Name
CVE-2024-42332
Description
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.
NVD Severity
low
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://support.zabbix.com/browse/ZBX-25628

Match rules

CPE URI Source package Min version Max version
zabbix >= 6.0.0 < 6.0.34
zabbix >= 6.4.0 < 6.4.19
zabbix >= 7.0.0 < 7.0.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
zabbix 3.20-community 6.4.18-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable