Home > Vulnerability Database > CVE-2024-22122

Mend.io Vulnerability Database

CVE-2024-22122

Good to know:

Date: August 9, 2024

Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.

Language: C

Severity Score

3.0

Related Resources (3)

Url: https://support.zabbix.com/browse/ZBX-25012

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-22122

Url: https://www.mend.io/vulnerability-database/CVE-2024-22122

Severity Score

3.0

Weakness Type (CWE)

Command Injection

CWE-77

Top Fix

Upgrade Version

Upgrade to version 5.0.43,6.0.31,6.4.16,7.0.0

Learn More

CVSS v3.1

Base Score:	3.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-22122

Good to know:

Date: August 9, 2024

Language: C

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?