SQL Injection in Zabbix Allows Complete System Takeover

Zabbix, a widely used open-source monitoring tool for networks and systems, has recently been found to contain a critical security vulnerability. This flaw could enable attackers to gain complete control over affected systems.

The vulnerability, identified as CVE-2024-42327, affects multiple versions of Zabbix. It has been assigned a CVSS score of 9.9, highlighting its critical nature.

The issue lies within the addRelatedObjects function of the CUser class in the Zabbix frontend. This function is invoked by the CUser.get method, which is accessible to any user with API access.

What makes this vulnerability particularly alarming is that it can be exploited by non-administrative user accounts with a basic User role or any role that grants API access. This significantly broadens the scope of the risk.

Successful exploitation of this vulnerability could result in:

  • Unauthorized access to the Zabbix database;
  • Theft of confidential information;
  • Alteration or deletion of critical monitoring data;
  • Execution of arbitrary commands on the database server;
  • Privilege escalation within the Zabbix system.

This vulnerability poses a significant threat to the integrity, confidentiality, and functionality of monitoring infrastructure.

The vulnerability affects the following Zabbix versions:

  • 6.0.0–6.0.31;
  • 6.4.0–6.4.16;
  • 7.0.0.

As of November 28, 2024, Zabbix has not released a patch to address this issue. However, the company has acknowledged the vulnerability and is actively working on a resolution.

Until a security update becomes available, experts recommend implementing the following measures:

  • Review and restrict API access permissions;
  • Introduce additional access controls and monitoring for the Zabbix frontend;
  • Deploy a Web Application Firewall (WAF) to detect and block potential SQL injection attempts;
  • Regularly audit user roles and permissions;
  • Segment the network to isolate the Zabbix server from other systems;
  • Monitor database and application logs for suspicious activity.

Zabbix users are strongly urged to prioritize addressing this vulnerability and promptly apply security updates once they are available. The potential for attackers to take full control of the Zabbix system underscores the importance of protecting monitoring infrastructure and sensitive information.

Skip to content