Intrusion PreventionZabbix.Server.Active.Proxy.Trapper.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection vulnerability in Zabbix.
The vulnerability is due to a design flaw when the vulnerable software handles a crafted user supplied request. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted request.
Affected Products
ZABBIX ZABBIX 2.4.7 to 2.4.8.r1
ZABBIX ZABBIX 2.0.x prior to 2.0.21rc1
ZABBIX ZABBIX 2.2.x prior to 2.2.18rc1
ZABBIX ZABBIX 3.0.x prior to 3.0.9rc1
ZABBIX ZABBIX 3.2.x prior to 3.2.5rc1
ZABBIX ZABBIX 3.4.x prior to 3.4.0alpha1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://support.zabbix.com/browse/ZBX-12075
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-06-10 | 14.629 | Severity:medium:high |
| ID | 44049 |
| Created | Jun 01, 2017 |
| Updated | Jun 07, 2019 |
| Risk |
|
| CVE ID | CVE-2017-2824 |
| Exploit Prediction Score | 71.58% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, BSD |
| Affected App | PHP_app |