Zabbix SQLi Vulnerability - 20240520001

Overview

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.

What is vulnerable?

CVE	Severity	CVSS	Product(s) Affected
CVE-2024-22120	Critical	9.1	versions from 6.0.0 to 6.4.12 and 7.0.0 alpha1 to 7.0.0 beta1

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer Patch Management):

• ZABBIX BUGS AND ISSUES

Additional References

• Security Online - Zabbix SQLi Vulnerability Exposes IT Infrastructure to Attack
• Tenable | CVE-2024-22120