CVE-2024-42332 : The researcher is showing that due to the way the SNMP trap log is parsed, an at

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.

Published 2024-11-27 12:06:45

Updated 2024-11-27 12:15:21

Source Zabbix

View at NVD, CVE.org

Products affected by CVE-2024-42332

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2024-42332

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 23 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-42332

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N	N/A	N/A	Zabbix	2024-11-27
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N	2.2	1.4	Zabbix	2024-11-27
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

References for CVE-2024-42332

https://support.zabbix.com/browse/ZBX-25628

[ZBX-25628] New line injection in Zabbix SNMP traps (CVE-2024-42332) - ZABBIX SUPPORT

Jump to

Vulnerability Details : CVE-2024-42332

Products affected by CVE-2024-42332

Exploit prediction scoring system (EPSS) score for CVE-2024-42332

CVSS scores for CVE-2024-42332

References for CVE-2024-42332