A newly discovered SQL Injection vulnerability in Zabbix's user.get API poses a critical risk to system security. Update your systems now to mitigate risks.

A critical vulnerability, CVE-2024-42327, has been discovered in Zabbix Server, potentially allowing attackers to exploit the user.get API for an SQL Injection attack. This vulnerability, which carries a CVSS severity score of 9.9, could allow unauthorized access and complete server control.

Vulnerability Details

• Description:

  • Non-admin users with default or API-enabled roles can exploit the user.get API to inject malicious SQL queries.

  • The vulnerability resides in the CUser class, specifically in the addRelatedObjects function.

• Impact:

  • Unauthorized access to sensitive data.

  • Full control over the server, enabling further malicious activities.

• Affected Versions:

  • Zabbix Server 6.0.0 to 6.0.31

  • Zabbix Server 6.4.0 to 6.4.161

  • Zabbix Server 7.0.0

    
    

Recommended Actions

1. Update to Fixed Versions:

   • Zabbix Server 6.0.32rc1

   • Zabbix Server 6.4.17rc1

   • Zabbix Server 7.0.1rc1

2. Review and Harden Systems:

   • Verify the Zabbix version currently in use.

   • Ensure default or API-enabled roles are restricted to necessary users only.

3. Follow Vendor Guidelines:

   • For more information, refer to:

     • Zabbix Vulnerability Advisory

     • Qualys ThreatProtect

       
       

Organizations using the affected Zabbix versions are urged to take immediate action to secure their systems.

Greenwill Solution offers vulnerability assessments and patch management services to protect your systems against threats like CVE-2024-42327.

Contact us today to safeguard your infrastructure.