CVE-2024-42327 is a critical SQL injection vulnerability in Zabbix, a widely used open-source monitoring platform. Zabbix rates it 9.9 on the CVSS v3.1 scale. An ordinary authenticated account is enough to exploit it, so a low-privileged user can escalate privileges and end up with full control of an affected Zabbix server.
Vulnerability Details
The flaw is in the user.get method of the Zabbix JSON-RPC API (api_jsonrpc.php), specifically in the addRelatedObjects function of the CUser class, which user.get calls to attach related objects such as the user's role to each result. That function built part of its SQL statement from caller-supplied input: the field names passed in the selectRole parameter were concatenated into the query's column list without being validated against the role table's fields, so an authenticated caller could inject arbitrary SQL. Any account whose role grants API access can call user.get, and the built-in User role grants API access by default, so no administrative privileges are required. The injected SQL runs with the database privileges of the Zabbix frontend, which has read and write access to the whole Zabbix schema; from there an attacker can read or alter any stored data, including what is needed to take over administrator accounts.
Impact of Exploitation
Successful exploitation of CVE-2024-42327 can lead to several severe consequences:
- Data breaches: read access to everything in the Zabbix database, including host and configuration data, collected metrics, and user records such as password hashes and API session tokens.
- System compromise: a low-privileged account can escalate to administrative control of the Zabbix server, and the server's monitoring reach (agents, integrations, remote commands) then becomes a path to pivot to the systems it monitors.
- Denial of service: altering or deleting configuration, trigger or history data disrupts monitoring, so outages elsewhere can go unnoticed.
Affected Versions
The vulnerability affects the following versions of Zabbix:
- 6.0.0 – 6.0.31
- 6.4.0 – 6.4.16
- 7.0.0
Mitigation and Remediation
Zabbix fixed the issue in the following builds. The fix first appeared in the rc1 builds listed, so every later release in each branch (6.0.32, 6.4.17 and 7.0.1 onward) contains it:
- Zabbix 6.0.32rc1
- Zabbix 6.4.17rc1
- Zabbix 7.0.1rc1
Organizations running an affected version should upgrade without delay. No configuration change removes the bug; restricting API access only limits which accounts can reach it.
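The version ranges above are easy to misread when release-candidate builds are involved (6.0.31rc1 is affected, 6.0.32rc1 is not). The following Python is an added example, not Zabbix project code, that classifies a Zabbix version string against exactly the ranges listed in this advisory. The helper that reads the version out of an apiinfo.version reply is an assumption about how you would feed it: that API method returns the server version without authentication, and the reply used here is constructed, not captured from a real server.

```python
"""Classify a Zabbix version string against the CVE-2024-42327 affected ranges."""
import json
import re

# Inclusive affected ranges per release branch, and the first build carrying the fix,
# exactly as listed in the advisory.
AFFECTED = {
    (6, 0): ((6, 0, 0), (6, 0, 31)),
    (6, 4): ((6, 4, 0), (6, 4, 16)),
    (7, 0): ((7, 0, 0), (7, 0, 0)),
}
FIRST_FIXED = {(6, 0): "6.0.32rc1", (6, 4): "6.4.17rc1", (7, 0): "7.0.1rc1"}

# Zabbix versions look like 7.0.1, or 7.0.1rc1 / 7.0.0alpha3 / 7.0.0beta2 for pre-releases.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?$")


def parse_version(text):
    """Return ((major, minor, patch), prerelease_or_None); raise ValueError if unparseable."""
    m = VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Zabbix version string: {text!r}")
    numbers = tuple(int(x) for x in m.group(1, 2, 3))
    prerelease = (m.group(4), int(m.group(5))) if m.group(4) else None
    return numbers, prerelease


def assess(text):
    """Return 'affected', 'fixed' (same branch, at or past the first fixed build) or 'not_listed'."""
    numbers, _prerelease = parse_version(text)
    branch = numbers[:2]
    if branch not in AFFECTED:
        # Branches the advisory does not mention (e.g. 5.0 or 7.2) are reported as such;
        # this is not a statement that they are safe, only that they are not on the list.
        return "not_listed"
    low, high = AFFECTED[branch]
    if low <= numbers <= high:
        # Pre-releases of an affected patch level (6.0.31rc1) are affected too.
        return "affected"
    # The fix shipped in the rc1 build of the next patch level, so the prerelease tag
    # does not matter here: 6.0.32rc1 and 6.0.32 both carry it.
    return "fixed"


def version_from_apiinfo_reply(body):
    """Extract the version string from a JSON-RPC reply to apiinfo.version."""
    reply = json.loads(body)
    if "result" not in reply:
        raise ValueError(f"apiinfo.version returned no result: {reply.get('error')}")
    return reply["result"]


if __name__ == "__main__":
    # Constructed reply. In practice this is the body returned by POSTing
    # {"jsonrpc":"2.0","method":"apiinfo.version","params":[],"id":1} to /api_jsonrpc.php.
    sample_reply = '{"jsonrpc":"2.0","result":"6.0.31","id":1}'
    version = version_from_apiinfo_reply(sample_reply)
    verdict = assess(version)
    hint = ""
    if verdict == "affected":
        hint = f" (first fixed build: {FIRST_FIXED[parse_version(version)[0][:2]]})"
    print(f"Zabbix {version}: {verdict}{hint}")
```

Because apiinfo.version needs no credentials, the same check can be run from outside against every frontend you are responsible for, which is also a reminder that attackers can enumerate vulnerable installations the same way.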
Recommended Actions
To protect against CVE-2024-42327, organizations should:
- Update: upgrade to a fixed Zabbix release immediately; this is the only complete remedy.
- Review user roles: the bug is reachable only through the API, so check which roles have API access enabled (the API access toggle and the method allow/deny list in the role configuration) and disable it, or deny user.get, for accounts that have no need for the API. Treat this as a stopgap that narrows who can exploit the bug, not as a fix.
- Conduct security assessments: verify the running version of every frontend (apiinfo.version returns it without authentication), and regularly assess the security posture of the Zabbix installation and the systems it monitors.
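To act on the role review above, you need to know which roles actually let their members call user.get. The following Python is an added example, not Zabbix project code. It evaluates the rules returned by the role.get API method (called with "selectRules": "extend") the way Zabbix applies them: "api.access" enables the API for the role, "api.mode" 0 treats the "api" list as a deny list and 1 as an allow list, and entries may use wildcards such as "user.*" or "*.get". The role list embedded below is constructed sample data, not output from a real server.

```python
"""List Zabbix user roles whose members can reach user.get through the API."""
import json
from fnmatch import fnmatchcase

# Constructed role.get reply (selectRules: "extend"). Role types: 1 User, 2 Admin, 3 Super admin.
SAMPLE_ROLE_GET_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "result": [
        # The three built-in roles ship with API access enabled and an empty deny list.
        {"roleid": "1", "name": "User role", "type": "1", "readonly": "1",
         "rules": {"api.access": "1", "api.mode": "0", "api": []}},
        {"roleid": "2", "name": "Admin role", "type": "2", "readonly": "1",
         "rules": {"api.access": "1", "api.mode": "0", "api": []}},
        {"roleid": "3", "name": "Super admin role", "type": "3", "readonly": "1",
         "rules": {"api.access": "1", "api.mode": "0", "api": []}},
        # Custom roles: API disabled; allow-listed to read-only host data; every user.* method denied.
        {"roleid": "4", "name": "Dashboard viewer", "type": "1", "readonly": "0",
         "rules": {"api.access": "0", "api.mode": "0", "api": []}},
        {"roleid": "5", "name": "Automation", "type": "1", "readonly": "0",
         "rules": {"api.access": "1", "api.mode": "1", "api": ["host.get", "item.get"]}},
        {"roleid": "6", "name": "Helpdesk", "type": "2", "readonly": "0",
         "rules": {"api.access": "1", "api.mode": "0", "api": ["user.*"]}},
    ],
    "id": 1,
})


def method_allowed(rules, method):
    """Apply one role's API rules to a single method name."""
    if str(rules.get("api.access", "0")) != "1":
        return False                      # API disabled for the role entirely
    patterns = rules.get("api", [])
    listed = any(fnmatchcase(method, pattern) for pattern in patterns)
    allow_list = str(rules.get("api.mode", "0")) == "1"
    # Allow list: only listed methods work. Deny list (default): everything except listed methods.
    return listed if allow_list else not listed


def roles_exposing_user_get(reply_body):
    """Names of roles below Super admin whose members can call user.get, sorted.

    Super admin roles are skipped: this is a privilege-escalation bug, and an account
    that already holds every privilege gains nothing from it.
    """
    reply = json.loads(reply_body)
    if "result" not in reply:
        raise ValueError(f"role.get failed: {reply.get('error')}")
    return sorted(
        role["name"]
        for role in reply["result"]
        if str(role.get("type")) != "3"
        and method_allowed(role.get("rules", {}), "user.get")
    )


if __name__ == "__main__":
    for name in roles_exposing_user_get(SAMPLE_ROLE_GET_REPLY):
        print(f"role can call user.get: {name}")
```

On the sample data the report names "Admin role" and "User role": the custom roles are protected either by having the API disabled, by an allow list that omits user.get, or by a deny entry that covers it. Run the real role.get as a Super admin (lower roles only see their own role), then move accounts that do not need the API into a role with API access disabled or with user.get denied, and still patch.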
This vulnerability is a reminder that a monitoring server is a high-value target: it holds credentials and configuration for much of the estate, and an API reachable by every low-privileged account widens the attack surface. Keeping Zabbix current and periodically reviewing who can reach its API are both necessary to protect critical infrastructure monitoring tools like it.