About the Vulnerability

Introduction

Zabbix is a web-based, enterprise-class open-source solution for distributed system monitoring and network monitoring.

Summary

On November 28, 2024, Sangfor FarSight Labs received notification of an SQL injection vulnerability (CVE-2024-42327) in a Zabbix component, rated critical.

The addRelatedObjects function in Zabbix contains a severe SQL injection flaw. An authenticated user with only read-level (non-admin) access can abuse it to execute arbitrary SQL statements against the backend database, which can be leveraged to compromise the Zabbix server.

Affected Versions

6.0.0 ≤ Zabbix < 6.0.32rc1

6.4.0 ≤ Zabbix < 6.4.17rc1

Zabbix 7.0.0

Solutions

Remediation Solution

Check the System Version

The version of the running server is normally displayed at the bottom of the Zabbix frontend home page.

[Screenshot CVE-2024-42327-1: Zabbix version shown at the bottom of the frontend home page]
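Reading the version off the home page does not scale to a fleet. The script below is an added example (not Sangfor's or Zabbix's own code) that asks the frontend for its version over the JSON-RPC API and compares it against the affected ranges listed above. It relies on the documented apiinfo.version method, which needs no authentication, and assumes the API endpoint lives at the standard path /api_jsonrpc.php under the frontend URL; the sample response embedded in the block is constructed for offline use.

```python
"""Check a Zabbix frontend version against the CVE-2024-42327 affected ranges.

Added example; not part of the original advisory or of Zabbix itself.
"""
import json
import re
import urllib.request

# Affected ranges from the advisory: fixed in 6.0.32rc1, 6.4.17rc1, 7.0.1rc1.
# Each entry is [inclusive lower bound, exclusive upper bound).
AFFECTED_RANGES = [
    ("6.0.0", "6.0.32rc1"),
    ("6.4.0", "6.4.17rc1"),
    ("7.0.0", "7.0.1rc1"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?$")
_FINAL = 10**6  # rank of a final release: sorts after any rcN of the same x.y.z


def version_key(version):
    """Turn '6.0.32rc1' into a tuple that orders rcN before the final release."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version string: {version!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else _FINAL)


def is_affected(version):
    """True if the version falls inside one of the advisory's affected ranges."""
    key = version_key(version)
    return any(version_key(lo) <= key < version_key(hi) for lo, hi in AFFECTED_RANGES)


def build_request():
    """JSON-RPC body for apiinfo.version; this method takes no auth token."""
    return {"jsonrpc": "2.0", "method": "apiinfo.version", "params": [], "id": 1}


def parse_response(body):
    """Extract the version string from an apiinfo.version response body."""
    data = json.loads(body)
    if "error" in data:
        raise RuntimeError(f"Zabbix API error: {data['error']}")
    return data["result"]


def check_server(frontend_url, timeout=10):
    """Query a live frontend (assumed at <frontend_url>/api_jsonrpc.php).

    Returns (version, affected). Not exercised offline.
    """
    req = urllib.request.Request(
        frontend_url.rstrip("/") + "/api_jsonrpc.php",
        data=json.dumps(build_request()).encode(),
        headers={"Content-Type": "application/json-rpc"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        version = parse_response(resp.read().decode())
    return version, is_affected(version)


# Constructed sample response, as a frontend running 6.0.31 would answer.
SAMPLE_RESPONSE = '{"jsonrpc":"2.0","result":"6.0.31","id":1}'

if __name__ == "__main__":
    version = parse_response(SAMPLE_RESPONSE)
    status = "AFFECTED" if is_affected(version) else "not affected"
    print(f"Zabbix {version}: {status} by CVE-2024-42327")
```

The range comparison treats a release candidate as older than the final build of the same number, so 6.0.32rc1 is correctly reported as fixed while 6.0.31 is flagged. To scan a fleet, call check_server for each frontend URL from your asset inventory.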

Official Solution

Zabbix has released fixed versions. Affected users are advised to upgrade to one of the following versions or later:

Zabbix 6.0.32rc1

Zabbix 6.4.17rc1

Zabbix 7.0.1rc1

Download link: https://www.zabbix.com/download

Sangfor Solutions

Risky Assets Detection

Sangfor products support proactive detection of Zabbix monitoring systems and can identify affected assets in batch across business environments. Related products are as follows:

[Sangfor CWPP] has released an asset detection scheme, with Fingerprint ID: 0000013.

[Sangfor Host Security] has released an asset detection scheme, with Fingerprint ID: 0000013.

Timeline

On November 28, 2024, Sangfor FarSight Labs received notification of Zabbix Server SQL Injection Vulnerability.

On November 28, 2024, Sangfor FarSight Labs released a vulnerability alert.

References

https://support.zabbix.com/browse/ZBX-25623
