Vulnerability CVE-2023-32728: Information

Description

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-32728
Published: Dec. 18, 2023
Modified: Dec. 22, 2023
Error type identifier: CWE-94

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
zabbixsisyphus6.0.27-alt16.0.29-alt1ALT-PU-2024-3075-1341482Fixed
zabbixsisyphus_e2k6.0.27-alt26.0.29-alt1ALT-PU-2024-4292-1-Fixed
zabbixsisyphus_riscv646.0.27-alt16.0.29-alt1ALT-PU-2024-4119-1-Fixed
zabbixsisyphus_loongarch646.0.27-alt16.0.29-alt1ALT-PU-2024-3139-1-Fixed
zabbixp106.0.25-alt0.p10.36.0.29-alt0.p10.1ALT-PU-2024-1355-2338813Fixed
zabbixp10_e2k6.0.25-alt0.p10.36.0.29-alt0.p10.1ALT-PU-2024-1497-1-Fixed
zabbixc10f16.0.25-alt0.c10f1.16.0.27-alt0.c10f1.1ALT-PU-2024-1565-3339367Fixed
zabbixc9f25.0.40-alt15.0.40-alt1ALT-PU-2024-1356-2338818Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://support.zabbix.com/browse/ZBX-23858
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:zabbix:zabbix-agent2:*:*:*:*:*:*:*:*
      Start including
      5.0.0
      End including
      5.0.38
      cpe:2.3:a:zabbix:zabbix-agent2:*:*:*:*:*:*:*:*
      Start including
      6.0.0
      End including
      6.0.23
      cpe:2.3:a:zabbix:zabbix-agent2:*:*:*:*:*:*:*:*
      Start including
      6.4.0
      End including
      6.4.8
      cpe:2.3:a:zabbix:zabbix-agent2:7.0.0:alpha1:*:*:*:*:*:*
      cpe:2.3:a:zabbix:zabbix-agent2:7.0.0:alpha2:*:*:*:*:*:*
      cpe:2.3:a:zabbix:zabbix-agent2:7.0.0:alpha3:*:*:*:*:*:*
      cpe:2.3:a:zabbix:zabbix-agent2:7.0.0:alpha6:*:*:*:*:*:*
      cpe:2.3:a:zabbix:zabbix-agent2:7.0.0:alpha7:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top