CVE-2024-22122
CVSS V2 None
CVSS V3 None
Description
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.
Overview
- CVE ID
- CVE-2024-22122
- Assigner
- Zabbix
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-09T08:46:21.444Z
- Last Modified Date
- 2024-08-09T14:47:01.476Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://support.zabbix.com/browse/ZBX-25012 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-22122 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22122 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-08-10 13:09:57 | Added to TrackCVE |