Zabbix network monitoring tool vulnerable to critical SQL injection
Take action: If you run Zabbix, make sure neither the web frontend nor the Zabbix server itself (its trapper port, 10051/tcp by default) is reachable from the internet, then upgrade to the fixed versions listed below.
Learn More
Zabbix, a widely utilized network monitoring tool in corporate IT infrastructures globally, has been found vulnerable to SQL injection attacks.
The vulnerability is tracked as CVE-2024-22120 (CVSS 9.1). It affects every release from 6.0 onwards (see the version table below) and can be escalated to remote code execution (RCE). It was discovered by security researcher Maxim Tyukov, who has also published a proof-of-concept (PoC) exploit.
The flaw is easy to exploit: an attacker needs only a low-privileged account that is allowed to run a script against at least one host. When the server executes such a script it writes an entry to the audit log, and the client IP address recorded in that entry is not sanitized, so a crafted script-execution request (carrying the attacker's own session ID) lets them inject SQL. Using a time-based blind technique, the PoC reads data out of the whole database, including the session identifiers of administrative users. With an administrator session the attacker can create and run scripts on the Zabbix server or its agents, which is how the issue escalates to RCE.
Much of the data reachable through the injection, such as host counts, hardware load and status information, may look of little value on its own, but the same database also holds user session identifiers, password hashes and user macros that frequently contain credentials for monitored systems. Taken together, the monitoring inventory gives an attacker a map for moving on to other servers and machines.
Vulnerable and fixed versions of Zabbix:
| Vulnerable Versions | Fixed In |
|---|---|
| 6.0.0 – 6.0.27 | 6.0.28rc1 |
| 6.4.0 – 6.4.12 | 6.4.13rc1 |
| 7.0.0alpha1 – 7.0.0beta1 | 7.0.0beta2 |
Zabbix users should upgrade to the patched versions above without delay; with a public PoC available, the window before opportunistic exploitation is short. Until the upgrade is done, narrowing who may run global scripts (their user-group and host-group scope) reduces the set of accounts that can reach the vulnerable code path, and network access to both the frontend and the server should be restricted.