CVE-2024-36466
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-36466 is a newly identified vulnerability that affects an unspecified application. This issue involves a coding error that enables an attacker to generate a forged zbx_session cookie. Once obtained, the attacker can use this cookie to sign in with admin permissions, granting them unauthorized access to sensitive areas of the application. This vulnerability poses a significant risk to system security, as it allows attackers to bypass authentication controls and potentially cause extensive damage. Organizations are urged to apply relevant patches or updates to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Zabbix
Affected Vendors
- Zabbix LLC