Vulnerability Details CVE-2024-22122
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.5%
CVSS Severity
CVSS v3 Score 3.0
References
Products affected by CVE-2024-22122
-
cpe:2.3:a:zabbix:zabbix:5.0.0
-
cpe:2.3:a:zabbix:zabbix:5.0.1
-
cpe:2.3:a:zabbix:zabbix:5.0.10
-
cpe:2.3:a:zabbix:zabbix:5.0.11
-
cpe:2.3:a:zabbix:zabbix:5.0.12
-
cpe:2.3:a:zabbix:zabbix:5.0.13
-
cpe:2.3:a:zabbix:zabbix:5.0.14
-
cpe:2.3:a:zabbix:zabbix:5.0.15
-
cpe:2.3:a:zabbix:zabbix:5.0.16
-
cpe:2.3:a:zabbix:zabbix:5.0.17
-
cpe:2.3:a:zabbix:zabbix:5.0.18
-
cpe:2.3:a:zabbix:zabbix:5.0.19
-
cpe:2.3:a:zabbix:zabbix:5.0.2
-
cpe:2.3:a:zabbix:zabbix:5.0.20
-
cpe:2.3:a:zabbix:zabbix:5.0.21
-
cpe:2.3:a:zabbix:zabbix:5.0.22
-
cpe:2.3:a:zabbix:zabbix:5.0.23
-
cpe:2.3:a:zabbix:zabbix:5.0.24
-
cpe:2.3:a:zabbix:zabbix:5.0.25
-
cpe:2.3:a:zabbix:zabbix:5.0.26
-
cpe:2.3:a:zabbix:zabbix:5.0.27
-
cpe:2.3:a:zabbix:zabbix:5.0.28
-
cpe:2.3:a:zabbix:zabbix:5.0.29
-
cpe:2.3:a:zabbix:zabbix:5.0.3
-
cpe:2.3:a:zabbix:zabbix:5.0.30
-
cpe:2.3:a:zabbix:zabbix:5.0.31
-
cpe:2.3:a:zabbix:zabbix:5.0.32
-
cpe:2.3:a:zabbix:zabbix:5.0.33
-
cpe:2.3:a:zabbix:zabbix:5.0.34
-
cpe:2.3:a:zabbix:zabbix:5.0.35
-
cpe:2.3:a:zabbix:zabbix:5.0.36
-
cpe:2.3:a:zabbix:zabbix:5.0.37
-
cpe:2.3:a:zabbix:zabbix:5.0.38
-
cpe:2.3:a:zabbix:zabbix:5.0.39
-
cpe:2.3:a:zabbix:zabbix:5.0.4
-
cpe:2.3:a:zabbix:zabbix:5.0.40
-
cpe:2.3:a:zabbix:zabbix:5.0.41
-
cpe:2.3:a:zabbix:zabbix:5.0.42
-
cpe:2.3:a:zabbix:zabbix:5.0.5
-
cpe:2.3:a:zabbix:zabbix:5.0.6
-
cpe:2.3:a:zabbix:zabbix:5.0.7
-
cpe:2.3:a:zabbix:zabbix:5.0.8
-
cpe:2.3:a:zabbix:zabbix:5.0.9
-
cpe:2.3:a:zabbix:zabbix:6.0.0
-
cpe:2.3:a:zabbix:zabbix:6.0.1
-
cpe:2.3:a:zabbix:zabbix:6.0.10
-
cpe:2.3:a:zabbix:zabbix:6.0.11
-
cpe:2.3:a:zabbix:zabbix:6.0.12
-
cpe:2.3:a:zabbix:zabbix:6.0.13
-
cpe:2.3:a:zabbix:zabbix:6.0.14
-
cpe:2.3:a:zabbix:zabbix:6.0.15
-
cpe:2.3:a:zabbix:zabbix:6.0.16
-
cpe:2.3:a:zabbix:zabbix:6.0.17
-
cpe:2.3:a:zabbix:zabbix:6.0.18
-
cpe:2.3:a:zabbix:zabbix:6.0.19
-
cpe:2.3:a:zabbix:zabbix:6.0.2
-
cpe:2.3:a:zabbix:zabbix:6.0.20
-
cpe:2.3:a:zabbix:zabbix:6.0.21
-
cpe:2.3:a:zabbix:zabbix:6.0.22
-
cpe:2.3:a:zabbix:zabbix:6.0.23
-
cpe:2.3:a:zabbix:zabbix:6.0.24
-
cpe:2.3:a:zabbix:zabbix:6.0.25
-
cpe:2.3:a:zabbix:zabbix:6.0.26
-
cpe:2.3:a:zabbix:zabbix:6.0.27
-
cpe:2.3:a:zabbix:zabbix:6.0.28
-
cpe:2.3:a:zabbix:zabbix:6.0.29
-
cpe:2.3:a:zabbix:zabbix:6.0.3
-
cpe:2.3:a:zabbix:zabbix:6.0.30
-
cpe:2.3:a:zabbix:zabbix:6.0.4
-
cpe:2.3:a:zabbix:zabbix:6.0.5
-
cpe:2.3:a:zabbix:zabbix:6.0.6
-
cpe:2.3:a:zabbix:zabbix:6.0.7
-
cpe:2.3:a:zabbix:zabbix:6.0.8
-
cpe:2.3:a:zabbix:zabbix:6.0.9
-
cpe:2.3:a:zabbix:zabbix:6.4.0
-
cpe:2.3:a:zabbix:zabbix:6.4.1
-
cpe:2.3:a:zabbix:zabbix:6.4.10
-
cpe:2.3:a:zabbix:zabbix:6.4.11
-
cpe:2.3:a:zabbix:zabbix:6.4.12
-
cpe:2.3:a:zabbix:zabbix:6.4.13
-
cpe:2.3:a:zabbix:zabbix:6.4.14
-
cpe:2.3:a:zabbix:zabbix:6.4.15
-
cpe:2.3:a:zabbix:zabbix:6.4.2
-
cpe:2.3:a:zabbix:zabbix:6.4.3
-
cpe:2.3:a:zabbix:zabbix:6.4.4
-
cpe:2.3:a:zabbix:zabbix:6.4.5
-
cpe:2.3:a:zabbix:zabbix:6.4.6
-
cpe:2.3:a:zabbix:zabbix:6.4.7
-
cpe:2.3:a:zabbix:zabbix:6.4.8
-
cpe:2.3:a:zabbix:zabbix:6.4.9
-
cpe:2.3:a:zabbix:zabbix:7.0.0