Improper input validation in Zabbix - CVE-2017-2825
Published: April 24, 2018
Vulnerability identifier: #VU12115
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2825
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Zabbix
Affected software:
Zabbix
Zabbix
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to write arbitrary files on the target system.
The weakness exists in the trapper functionality due to insufficient validation of trapper packets. A remote attacker can submit specially crafted trapper packets, bypass database logic checks, perform man-in-the-middle attack between an active Zabbix proxy and the target Zabbix server, alter the trapper requests made between the Zabbix proxy and the target server and perform database writes.
The weakness exists in the trapper functionality due to insufficient validation of trapper packets. A remote attacker can submit specially crafted trapper packets, bypass database logic checks, perform man-in-the-middle attack between an active Zabbix proxy and the target Zabbix server, alter the trapper requests made between the Zabbix proxy and the target server and perform database writes.
How to mitigate CVE-2017-2825
Update to versions 2.0.21rc1 or 2.2.18rc1.