Zabbix server vulnerability allows a low-privileged administrator to execute arbitrary code via the Ping script
Information:
Zabbix is open-source software for monitoring and managing IT systems, including networks, servers, and applications. It collects data from hardware and software through several methods, such as SNMP, IPMI, agent-based monitoring, and user-defined checks. It can be configured to send alerts when abnormal events occur and presents the collected data as graphs, reports, and dashboards. Zabbix also supports customization and extension to meet the specific needs of an organization or administrator.
Incident:
A critical vulnerability, CVE-2024-22116, has been disclosed. This vulnerability allows administrators with limited privileges to execute arbitrary code via a Ping script in the host monitoring section, potentially putting system infrastructure at risk.
Zabbix reports, "An administrator with restricted permissions can use the script execution function in the Host Monitoring section. Due to the lack of protection against code injection in script parameters, it allows the execution of arbitrary code through the Ping script, which may result in system damage."
According to the Common Weakness Enumeration (CWE), this vulnerability falls under CWE-94, Improper Control of Generation of Code ('Code Injection'). The Common Attack Pattern Enumeration and Classification (CAPEC) categorizes this vulnerability as CAPEC-253, Remote Code Inclusion.
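To make the bug class concrete, the following is an added Python example written for this bulletin; it is not Zabbix code and does not reproduce the actual Zabbix patch. It assumes a server that expands a macro such as {HOST.CONN} into an administrator-defined "Ping" script template and hands the result to /bin/sh; the template, the macro name, the function names and the sample values are all assumptions. It shows the vulnerable expansion (the CWE-94 condition: a value that a lower-privileged user influences is spliced in without escaping) beside two hardened forms, quoting each expanded value and building an argv list so no shell is involved, plus an allowlist check for host values, and counts how many commands /bin/sh would actually run for each string.

```python
"""Command injection via unescaped script parameters: vulnerable vs hardened.

Constructed illustration, not Zabbix code. A monitoring server expands a
macro such as {HOST.CONN} into an administrator-defined "Ping" script
template and hands the result to /bin/sh. If a lower-privileged user can
influence the macro value and the server does not escape it, the value can
terminate the ping command and start a new one. The template, macro names,
function names and sample values below are all assumptions.
"""
import re
import shlex
import subprocess

# Script template as an administrator might define it (assumed).
PING_TEMPLATE = "ping -c 3 {HOST.CONN}"

# Constructed macro sets: a benign host and a value that tries to break out.
BENIGN_MACROS = {"HOST.CONN": "127.0.0.1"}
ATTACKER_MACROS = {"HOST.CONN": "127.0.0.1; echo INJECTED"}

_MACRO_RE = re.compile(r"\{([A-Z][A-Z0-9._]*)\}")
# Shell control operators that separate or chain commands.
_COMMAND_SEPARATORS = {";", "&&", "||", "|", "&"}
# Allowlist for hostname / IPv4 / IPv6 literals (assumed policy).
_HOST_RE = re.compile(r"^[A-Za-z0-9.:\-]+$")


def _substitute(template: str, macros: dict, transform) -> str:
    """Replace every known {MACRO} with transform(value); unknown macros stay as-is."""
    def repl(match):
        name = match.group(1)
        if name not in macros:
            return match.group(0)
        return transform(macros[name])
    return _MACRO_RE.sub(repl, template)


def expand_unsafe(template: str, macros: dict) -> str:
    """Vulnerable pattern: values are spliced in verbatim, then run via `sh -c`.

    Any shell metacharacter in a value is interpreted by the shell.
    """
    return _substitute(template, macros, lambda value: value)


def expand_quoted(template: str, macros: dict) -> str:
    """Hardened pattern A: every expanded value becomes exactly one shell word."""
    return _substitute(template, macros, shlex.quote)


def expand_argv(template: str, macros: dict) -> list:
    """Hardened pattern B: never build a shell string at all.

    The template is split into words once and macros are substituted inside
    individual words, so a value can add characters but never words or
    operators. Execute with subprocess.run(argv) (shell=False).
    """
    return [expand_unsafe(word, macros) for word in shlex.split(template)]


def is_safe_host(value: str) -> bool:
    """Defence in depth: reject anything that is not a plain host or address."""
    return bool(_HOST_RE.match(value))


def count_commands(command_line: str) -> int:
    """Number of simple commands /bin/sh would run for this string.

    Tokenises with shell punctuation so ';', '&&', '||', '|' and '&' show up
    as separate operator tokens while quoted text stays a single word.
    """
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    tokens = list(lexer)
    return 1 + sum(1 for token in tokens if token in _COMMAND_SEPARATORS)


def run_in_shell(command_line: str) -> str:
    """Execute exactly as a vulnerable server would: /bin/sh -c <string>."""
    result = subprocess.run(["/bin/sh", "-c", command_line],
                            capture_output=True, text=True, check=False)
    return result.stdout


if __name__ == "__main__":
    # Offline demo: swap ping for printf so nothing touches the network.
    demo_template = "printf 'pinging %s\\n' {HOST.CONN}"
    for label, macros in (("benign", BENIGN_MACROS), ("attacker", ATTACKER_MACROS)):
        unsafe = expand_unsafe(demo_template, macros)
        quoted = expand_quoted(demo_template, macros)
        print(f"[{label}] unsafe : {unsafe!r} -> {count_commands(unsafe)} command(s)")
        print(run_in_shell(unsafe), end="")
        print(f"[{label}] quoted : {quoted!r} -> {count_commands(quoted)} command(s)")
        print(run_in_shell(quoted), end="")
        print(f"[{label}] argv   : {expand_argv(demo_template, macros)}")
        print(f"[{label}] allowlisted: {is_safe_host(macros['HOST.CONN'])}")
```

With the attacker value, the unsafe expansion yields two commands and the shell prints INJECTED on its own line; the quoted expansion passes the whole value as one argument, and the argv form never gives the shell a chance to parse it. Quoting alone stops command chaining but still lets a value start with "-" and be read as an option, which is why the allowlist check is kept as a second layer.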
Affected Versions:
The vulnerability affects versions 6.4.0 through 6.4.15 and 7.0.0alpha1 through 7.0.0rc2.
Resolution:
Update to 6.4.16rc1 or later on the 6.4 branch, or 7.0.0rc3 or later on the 7.0 branch.
Security matters: keep monitoring your systems as usual.
For more information, please contact:
Email: sales@inetms.co.th
065 149 2822 (Ms.Suphatson )
063 204 4534 (Ms.Atsamaphorn)
065 929 6330 (Ms.Kansinee)
References:
- https://www.zabbix.com/security_advisories#ZBV-2024-08-09-8
- https://cybersecuritynews.com/zabbix-server-vulnerability/
Weekly Interesting CVE

| No. | CVE Name | Published Date (D/M/YYYY) | Last Update (D/M/YYYY) | Device/Application/OS Target | Attack Type | CVSS | Detail | Solution | Reference |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2024-40898 | 18/7/2024 | 8/8/2024 | Apache HTTP Server | Server-Side Request Forgery (SSRF) | 7.5 | SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context allows an attacker to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests. | Upgrade to version 2.4.62 | |
| 2 | CVE-2024-37085 | 25/6/2024 | 8/8/2024 | VMware ESXi | Authentication Bypass | 7.2 | VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management (https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html) by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. | ESXi 8.0: upgrade to 8.0 U3; Cloud Foundation: upgrade to 5.2 | |
| 3 | CVE-2019-6198 | 8/7/2024 | 7/8/2024 | IBM MQ Operator | Authentication Bypass | 9.8 | IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. | Upgrade to version 3.2.3 | https://www.ibm.com/docs/en/ibm-mq/9.4?topic=about-release-history-mq-operator |
| 4 | CVE-2024-6989 | 6/8/2024 | 7/8/2024 | Google Chrome | Use After Free | 8.8 | Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Update to version 127.0.6533.72 or later | |
| 5 | CVE-2024-32113 | 8/5/2024 | 8/8/2024 | Apache OFBiz before 18.12.13 | Path Traversal | 9.8 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz before 18.12.13. | Upgrade to version 18.12.13 | |
Malware News or Campaign IOC/IOA

| No | Campaign Name | Detection Date (D/M/YYYY) | Attack Type | Description | Mitigation/Remediation |
|---|---|---|---|---|---|
| 1 | FBI Shuts Down Dispossessor Ransomware Group's Servers Across U.S., U.K., and Germany | 13/08/2024 | Ransomware | The FBI has dismantled the operation of a ransomware group known as "Dispossessor", which attacked victims' computer systems, targeting small and medium-sized businesses worldwide. The FBI did this by seizing the group's infrastructure, including several servers in the United States, the United Kingdom, and Germany, and the domains it used. The group operated a ransomware-as-a-service model similar to LockBit, encrypting data and threatening to publish it if the ransom was not paid. It attacked sectors including education, healthcare, and finance, affecting 43 companies across multiple countries. | |

Ref: https://thehackernews.com/2024/08/fbi-shuts-down-dispossessor-ransomware.html
26 August 2024