LOW · 3.0

CVE-2024-22122

Vulnerability Description

Zabbix allows SMS notifications to be configured. AT command injection occurs on the Zabbix server because the "Number" field is validated neither in the web frontend nor on the Zabbix server side. An attacker can run an SMS test with a specially crafted phone number and execute additional AT commands on the modem.
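The missing check described above can be illustrated with an allowlist validator that runs before the number is placed into a modem command. This is an added example, not Zabbix code or the vendor's fix; the function names are hypothetical, and the use of the standard GSM text-mode command AT+CMGS is an assumption, since the advisory does not name the command involved.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DIGITS 15 /* E.164 upper bound on the number of digits */

/* Return 1 only for an optional leading '+' followed by 1..15 ASCII digits.
 * Quotes, CR/LF, Ctrl-Z, spaces and letters are all rejected, so the value
 * cannot close the quoted argument or start a new line on the modem. */
int sms_number_is_valid(const char *number)
{
    size_t i = 0, digits = 0;

    if (number == NULL)
        return 0;
    if (number[0] == '+')
        i = 1;
    for (; number[i] != '\0'; i++) {
        if (number[i] < '0' || number[i] > '9')
            return 0;
        if (++digits > MAX_DIGITS)
            return 0;
    }
    return digits > 0;
}

/* Build the modem line only from a validated number (AT+CMGS is assumed).
 * Returns 0 on success, -1 if the number is rejected or the buffer is small. */
int build_cmgs_command(char *out, size_t out_len, const char *number)
{
    int n;

    if (!sms_number_is_valid(number))
        return -1;
    n = snprintf(out, out_len, "AT+CMGS=\"%s\"\r", number);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "+15551234567", "5551234567", "", "+",
                              "555 1234", "123\"\rATI" };
    char cmd[64];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%d\n", build_cmgs_command(cmd, sizeof(cmd), samples[i]));
    return 0;
}
```

The same check belongs in both places the advisory names: the web form that accepts the "Number" field and the server code that talks to the modem.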

CVSS Score

3.0 (LOW)

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality: NONE
Integrity: LOW
Availability: NONE

Affected Products

Vendor | Product | Versions
Zabbix | Zabbix | >= 5.0.0, <= 5.0.42

Related Weaknesses (CWE)

References

FAQ

What is CVE-2024-22122?

CVE-2024-22122 is a vulnerability with a CVSS score of 3.0 (LOW). Zabbix allows SMS notifications to be configured. AT command injection occurs on the Zabbix server because the "Number" field is validated neither in the web frontend nor on the Zabbix server side. Attacker can run test of...

How severe is CVE-2024-22122?

CVE-2024-22122 has been rated LOW with a CVSS base score of 3.0/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2024-22122?

Check the references section above for vendor advisories and patch information. Affected products include: Zabbix Zabbix.