MEDIUM🇬🇧 English

CVE-2023-32728

CVSS 4.6v3.1pub. 2023-12-18upd. 2024-11-21

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
  • Zabbix Agent2

    APP
    Zabbix
    7.0.05.0.0 – 5.0.386.0.0 – 6.0.236.4.0 – 6.4.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2023-29453CRITICAL9.8ten sam produkt

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as ex...

CVE-2022-22704CRITICAL9.8ten sam produkt

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root becau...

CVE-2022-46768MEDIUM5.9ten sam produkt

Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10...

CVE-2022-23131CRITICAL9.1⚠ KEVten sam vendor

In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modif...

CVE-2024-42327CRITICAL9.9PL ✓ten sam vendor

SQL Injection w Zabbix – podatność w klasie CUser umożliwia eskalację uprawnień