Security updates: Network monitoring tool Zabbix offers attack surface
Five security vulnerabilities jeopardize computers on which Zabbix is installed.
Anyone monitoring data traffic in networks with Zabbix should install an up-to-date version of the tool for security reasons. Otherwise, in the worst-case scenario, attackers could execute malicious code to compromise systems.
Various attacks possible
According to the developers, most of the vulnerabilities were submitted via Hackerone's bug bounty program. Admins can find more detailed information on the vulnerabilities in the security advisories linked below this article. The specific versions of the network monitoring tool that are affected are also listed there.
The most dangerous is a vulnerability (CVE-2024-36465, "high") in the Zabbix API. An attacker with a regular user account could use it to execute their own SQL commands. Reflected XSS attacks (CVE-2024-45699, "high") are also possible. Attackers can use this method to execute malicious code in the form of a JavaScript payload.
In addition, DoS attacks (CVE-2024-45700, "medium") and unauthorized access (CVE-2024-36469, "low"; CVE-2024-42325, "low") are possible.
The following versions are protected against the attacks described. There are still no reports of active attacks.
- 5.0.46rc1
- 6.0.37rc1
- 6.0.38rc1
- 6.0.39rc1
- 6.4.21rc1
- 7.0.7rc1
- 7.0.8rc2
- 7.0.9rc1
- 7.0.10rc1
- 7.2.2rc1
- 7.2.3rc1
- 7.2.4rc1
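As an added example (not code from the article or from the Zabbix project), the following Python script compares an installed Zabbix version against the list above. It assumes that the highest listed release in each major.minor branch is the bar to meet, because the article does not map individual CVEs to versions; the host names and installed versions in the demo are constructed.

```python
import re

# Fixed versions exactly as listed in the article.
LISTED_FIXES = [
    "5.0.46rc1", "6.0.37rc1", "6.0.38rc1", "6.0.39rc1", "6.4.21rc1",
    "7.0.7rc1", "7.0.8rc2", "7.0.9rc1", "7.0.10rc1",
    "7.2.2rc1", "7.2.3rc1", "7.2.4rc1",
]

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?$")
_STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # a final release sorts after its rc


def parse(version):
    """Return a sortable key: (major, minor, patch, stage, stage_number)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version: {version!r}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch), _STAGE[stage], int(num or 0))


def required_by_branch(listed=LISTED_FIXES):
    """Highest listed version per (major, minor) branch (assumed safe bar)."""
    best = {}
    for v in listed:
        branch = parse(v)[:2]
        # Compare numerically: as strings, "7.0.9rc1" would sort above "7.0.10rc1".
        if branch not in best or parse(v) > parse(best[branch]):
            best[branch] = v
    return best


def check(installed):
    """Return (status, required) with status 'ok', 'update' or 'unknown-branch'."""
    key = parse(installed)
    need = required_by_branch().get(key[:2])
    if need is None:
        # Branch not in the article's list: consult the vendor advisories.
        return ("unknown-branch", None)
    return ("ok" if key >= parse(need) else "update", need)


if __name__ == "__main__":
    # Constructed inventory, not data from the article.
    inventory = [("mon-a", "6.0.36"), ("mon-b", "7.0.10"),
                 ("mon-c", "7.0.9"), ("mon-d", "6.2.9")]
    for host, ver in inventory:
        print(host, ver, *check(ver))
```

A result of `unknown-branch` means the article gives no fixed version for that release line, so the linked advisories have to be checked directly.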
List sorted by threat level, descending:
- SQL injection in Zabbix API (CVE-2024-36465)
- Reflected XSS vulnerability in /zabbix.php?action=export.valuemaps (CVE-2024-45699)
- DoS vulnerability due to uncontrolled resource exhaustion (CVE-2024-45700)
- User enumeration via timing attack in Zabbix frontend login form and API (CVE-2024-36469)
- Excessive information returned by user.get (CVE-2024-42325)
(des)