ID CVE-2017-2825
Summary In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:zabbix:zabbix:2.4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.1:-:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.2:-:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.3:-:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.4:-:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.5:-:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.6:-:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.7:-:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.8:-:*:*:*:*:*:*
  • cpe:2.3:a:zabbix:zabbix:2.4.8:rc1:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 98094
debian DSA-3937
misc https://talosintelligence.com/vulnerability_reports/TALOS-2017-0326
Last major update 03-10-2019 - 00:03
Published 20-04-2018 - 21:29
Last modified 03-10-2019 - 00:03