FKIE_CVE-2017-2825

Vulnerability from fkie_nvd - Published: 2018-04-20 21:29 - Updated: 2024-11-21 03:24
Severity ?
7.0 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
Summary
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.
References
talos-cna@cisco.comhttp://www.securityfocus.com/bid/98094Third Party Advisory, VDB Entry
talos-cna@cisco.comhttps://talosintelligence.com/vulnerability_reports/TALOS-2017-0326Exploit, Technical Description, Third Party Advisory
talos-cna@cisco.comhttps://www.debian.org/security/2017/dsa-3937Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/98094Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://talosintelligence.com/vulnerability_reports/TALOS-2017-0326Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-3937Third Party Advisory
Impacted products
Vendor Product Version
zabbix zabbix *
debian debian_linux 8.0
debian debian_linux 9.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E766F0-9C78-4A6E-9321-B7F78885CC5C",
              "versionEndIncluding": "2.4.8",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "En la funcionalidad trapper de Zabbix Server 2.4.x, los paquetes trapper espec\u00edficamente manipulados pueden pasar comprobaciones de l\u00f3gica de base de datos, lo que resulta en escrituras en la base de datos. Un atacante puede establecer un servidor Man-in-the-Middle para alterar las peticiones trapper realizadas entre un proxy y un servidor Zabbix para desencadenar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2017-2825",
  "lastModified": "2024-11-21T03:24:13.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-20T21:29:00.563",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98094"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0326"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3937"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.