What is CVE-2024-22120?

CVE-2024-22120 is a critical-severity vulnerability in Zabbix, classified under Improper Input Validation. CVSS score: 9.1/10. Published 2024-05-17.

How severe is CVE-2024-22120?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Is CVE-2024-22120 known to be exploited?

58 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Zabbix

CVE-2024-22120

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.919 (99.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Zabbix — versions 6.0.0, 6.4.0, 7.0.0alpha1

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

support.zabbix.com/browse/ZBX-24505

Frequently asked questions

What is CVE-2024-22120?: CVE-2024-22120 is a critical-severity vulnerability in Zabbix, classified under Improper Input Validation. CVSS score: 9.1/10. Published 2024-05-17.
How severe is CVE-2024-22120?: Critical severity. CVSS v3 base score is 9.1 out of 10.
Is CVE-2024-22120 known to be exploited?: 58 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.