December 2, 2024 at 07:25AM
Zabbix has announced a critical vulnerability (CVE-2024-42327) in its monitoring solution, allowing SQL injection attacks through API access for non-admin users. Affected versions include 6.0.0 to 6.0.31, 6.4.0 to 6.4.16, and 7.0.0. Patches are available in recent releases. Users are urged to update promptly.
### Meeting Takeaways on Zabbix Vulnerabilities
1. **Critical Vulnerability Identified**: Zabbix has reported a critical-severity vulnerability (CVE-2024-42327) in its open-source enterprise networking monitoring solution, with a CVSS score of 9.9. This vulnerability allows attackers to inject arbitrary SQL queries, potentially compromising data or the system.
2. **Affected User Roles**: Any user with a role that has API access, including non-admin accounts with default or other roles, can exploit this vulnerability through the `addRelatedObjects` function in the CUser class.
3. **Security Analysis**: Qualys has analyzed the vulnerability, highlighting that it could enable attackers to escalate privileges and gain complete control over vulnerable Zabbix servers. There are over 83,000 Zabbix servers exposed on the internet.
4. **Versions Affected**: Vulnerable Zabbix versions include:
– 6.0.0 to 6.0.31
– 6.4.0 to 6.4.16
– 7.0.0
5. **Patches Released**: Patches addressing CVE-2024-42327 were included in the following releases:
– 6.0.32rc1
– 6.4.17rc1
– 7.0.1rc1
Released in July.
6. **Other Vulnerabilities Fixed**: The patched versions also address:
– CVE-2024-36466: An authentication bypass issue (CVSS score of 8.8).
– CVE-2024-36462: An uncontrolled resource consumption vulnerability leading to potential denial-of-service (DoS) conditions.
7. **Current Exploitation Status**: Zabbix has reported no indications of these vulnerabilities being exploited in the wild.
8. **User Advisory**: Users are strongly urged to update to the patched versions promptly to safeguard their systems.
9. **User Base**: Zabbix is utilized globally across various sectors, including education, finance, healthcare, IT, manufacturing, and retail.
### Recommendations:
– **Immediate Action**: Organizations using Zabbix should prioritize upgrading their installations to the latest patched versions.
– **Monitoring for Threats**: Continuously monitor for any unusual activity or signs of exploitation as a precaution.