CVE-2024-22120

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://support.zabbix.com/browse/ZBX-24505	Exploit Vendor Advisory
https://support.zabbix.com/browse/ZBX-24505	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zabbix:zabbix::::::::
	cpe:2.3:a:zabbix:zabbix::::::::
	cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1::::::
	cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2::::::
	cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3::::::
	cpe:2.3:a:zabbix:zabbix:7.0.0:alpha4::::::
	cpe:2.3:a:zabbix:zabbix:7.0.0:alpha5::::::
	cpe:2.3:a:zabbix:zabbix:7.0.0:alpha6::::::
	cpe:2.3:a:zabbix:zabbix:7.0.0:alpha7::::::
	cpe:2.3:a:zabbix:zabbix:7.0.0:alpha8::::::
	cpe:2.3:a:zabbix:zabbix:7.0.0:alpha9::::::
	cpe:2.3:a:zabbix:zabbix:7.0.0:beta1::::::

History

08 Oct 2025, 15:57

Type	Values Removed	Values Added
CPE		cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:::::: cpe:2.3:a:zabbix:zabbix:7.0.0:alpha7:::::: cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:::::: cpe:2.3:a:zabbix:zabbix:::::::: cpe:2.3:a:zabbix:zabbix:7.0.0:alpha5:::::: cpe:2.3:a:zabbix:zabbix:7.0.0:alpha6:::::: cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:::::: cpe:2.3:a:zabbix:zabbix:7.0.0:alpha8:::::: cpe:2.3:a:zabbix:zabbix:7.0.0:beta1:::::: cpe:2.3:a:zabbix:zabbix:7.0.0:alpha4:::::: cpe:2.3:a:zabbix:zabbix:7.0.0:alpha9::::::
References	~~() https://support.zabbix.com/browse/ZBX-24505 -~~	() https://support.zabbix.com/browse/ZBX-24505 - Exploit, Vendor Advisory
First Time		Zabbix zabbix Zabbix

Information

Published : 2024-05-17 10:15

Updated : 2025-10-08 15:57

NVD link : CVE-2024-22120

Mitre link : CVE-2024-22120

CVE.ORG link : CVE-2024-22120

JSON object : View

Products Affected

zabbix

zabbix

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2024-22120", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@zabbix.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-05-17T10:15:07.363", "references": [{"url": "https://support.zabbix.com/browse/ZBX-24505", "tags": ["Exploit", "Vendor Advisory"], "source": "security@zabbix.com"}, {"url": "https://support.zabbix.com/browse/ZBX-24505", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@zabbix.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to \"Audit Log\". Due to \"clientip\" field is not sanitized, it is possible to injection SQL into \"clientip\" and exploit time based blind SQL injection."}, {"lang": "es", "value": "El servidor Zabbix puede realizar la ejecuci\u00f3n de comandos para scripts configurados. Despu\u00e9s de ejecutar el comando, la entrada de auditor\u00eda se agrega al \"Registro de auditor\u00eda\". Debido a que el campo \"clientip\" no est\u00e1 sanitizado, es posible inyectar SQL en \"clientip\" y explotar la inyecci\u00f3n SQL ciega basada en el tiempo."}], "lastModified": "2025-10-08T15:57:03.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D724C8AD-C793-4602-8B1B-33B54A0A847A", "versionEndExcluding": "6.0.28", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8507A896-08E2-4A4F-B499-66BDA79CAA32", "versionEndExcluding": "6.4.13", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93EB5757-7F98-4428-9616-C30A647A6612"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA00BDB5-433F-44E5-87AC-DA01C64B5DB3"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98C46C92-9D86-45CD-88FE-DFBB5502BB88"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B568E6DD-A6D1-4402-BB40-7DA2596A5BC8"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9C3673B-8459-4C63-8E90-724D1D42A8BB"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C9F6957-7526-4852-A579-DE556DBFAA97"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81A7A191-93DE-4C5D-963E-E8890FF7AACA"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEE202D5-3C88-43A5-9328-FC78D0B9B8CF"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F88BFB75-7951-47D5-941F-3839E9E31FFA"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8216247E-C160-4D2C-906E-9D8CD731B5C2"}], "operator": "OR"}]}], "sourceIdentifier": "security@zabbix.com"}