CVE-2024-22122

CVSS 3.1 Score 3.0 of 10 (low)

Details

Published Aug 12, 2024
CWE ID 77

Summary

CVE-2024-22122 is a vulnerability affecting Zabbix, an open-source monitoring solution. The issue resides in the SMS notification configuration feature, where there is a lack of validation for the "Number" field both on the web interface and server-side. An attacker can exploit this by providing a specially crafted phone number to trigger AT command injection on the Zabbix Server, potentially executing additional commands on the modem. This vulnerability poses a significant security risk and requires immediate attention from Zabbix users to apply the necessary patches or updates.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share