Reference: Advisory #2024-279
Version: 1.0
Affected software: Zabbix frontend versions 6.0.0 - 6.0.31, 6.4.0 - 6.4.16, and 7.0.0
Type: SQL Injection
CVE/CVSS: CVE-2024-42327 - 9.9 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Zabbix - https://support.zabbix.com/browse/ZBX-25623
NIST NVD - https://nvd.nist.gov/vuln/detail/CVE-2024-42327
Zabbix frontend software monitors numerous parameters of a network and the health and integrity of servers, virtual machines, applications, services, databases, websites, the cloud, etc.
A 9.9 critical vulnerability exists in its versions 6.0.0 - 6.0.31, 6.4.0 - 6.4.16, and 7.0.0. If left unpatched, affected devices are vulnerable to SQL injection attacks with possible high impact on confidentiality, integrity and availability of systems and data.
CVE-2024-42327 is fixed via software updates to versions 6.0.32rc1, 6.4.17rc1, and 7.0.1rc1.
No information is available that the vulnerability is being actively exploited.
CVE-2024-42327 is an 'Improper Neutralization of Special Elements used in an SQL Command' type vulnerability, also known as 'SQL Injection'.
If exploited successfully, an attacker can escalate privileges to a higher level and achieve further, as yet unknown, impact. The vulnerability is exploitable by non-admin users with default user roles or by any role with API access.
More specifically, the vulnerability exists in the CUser class, in the addRelatedObjects function, which is called from the CUser.get function. The latter is available to every user with API access.
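As an added example (not part of the advisory or of Zabbix itself), the following script turns the affected and fixed version ranges listed above into an inventory check: it parses a Zabbix frontend version string (as reported by the frontend, for instance via the apiinfo.version API method) and reports whether that build falls inside the ranges the advisory lists. Pre-release suffixes such as rc1 are dropped before comparing, which matches the advisory's own boundaries (6.0.31 affected, 6.0.32rc1 fixed); branches the advisory does not mention are flagged as unlisted rather than declared safe.

```python
import re

# Affected ranges and fixed builds exactly as listed in the advisory for CVE-2024-42327.
AFFECTED_RANGES = [
    ((6, 0, 0), (6, 0, 31)),
    ((6, 4, 0), (6, 4, 16)),
    ((7, 0, 0), (7, 0, 0)),
]
FIXED_VERSIONS = {(6, 0): "6.0.32rc1", (6, 4): "6.4.17rc1", (7, 0): "7.0.1rc1"}

# major.minor.patch with an optional pre-release suffix (rc1, beta2, ...).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[a-z]+\d*)?$")


def parse_version(version: str) -> tuple:
    """Return (major, minor, patch) for a Zabbix version string.

    The pre-release suffix is dropped on purpose: the advisory treats 6.0.32rc1
    as fixed and 6.0.31 as affected, so a plain numeric comparison reproduces
    the listed ranges exactly."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True when the version lies inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def assess(version: str) -> str:
    """Human-readable verdict for one frontend version."""
    v = parse_version(version)
    branch = v[:2]
    if is_affected(version):
        return f"{version}: AFFECTED by CVE-2024-42327, upgrade to {FIXED_VERSIONS[branch]} or later"
    if branch in FIXED_VERSIONS:
        return f"{version}: not affected (at or above {FIXED_VERSIONS[branch]})"
    return f"{version}: branch not listed in the advisory, check vendor guidance"


if __name__ == "__main__":
    # Constructed sample inventory of frontend versions (not real hosts).
    for ver in ["6.0.31", "6.0.32rc1", "6.4.16", "6.4.17rc1", "7.0.0", "7.0.1rc1", "6.2.9"]:
        print(assess(ver))
```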
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
Zabbix - https://www.zabbix.com/manuals