Vulnerability Description
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zabbix | Zabbix | >= 2.4.0, <= 2.4.8 |
| Debian | Debian Linux | 8.0 |
References
- http://www.securityfocus.com/bid/98094Third Party AdvisoryVDB Entry
- https://talosintelligence.com/vulnerability_reports/TALOS-2017-0326ExploitTechnical DescriptionThird Party Advisory
- https://www.debian.org/security/2017/dsa-3937Third Party Advisory
- http://www.securityfocus.com/bid/98094Third Party AdvisoryVDB Entry
- https://talosintelligence.com/vulnerability_reports/TALOS-2017-0326ExploitTechnical DescriptionThird Party Advisory
- https://www.debian.org/security/2017/dsa-3937Third Party Advisory
FAQ
What is CVE-2017-2825?
CVE-2017-2825 is a vulnerability with a CVSS score of 7.0 (HIGH). In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle serve...
How severe is CVE-2017-2825?
CVE-2017-2825 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2825?
Check the references section above for vendor advisories and patch information. Affected products include: Zabbix Zabbix, Debian Debian Linux.