CVE-2013-6824
UnknownEPSS 2.75%
Last modified
CVE-2013-6824 is a vulnerability of currently unknown severity. Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.. EPSS estimates a 2.75% chance of exploitation in the next 30 days.
Description
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zabbix | Zabbix | <= 1.8.18 |
| Zabbix | Zabbix | 2.0.0 |
| Zabbix | Zabbix | 2.2.0 |
References
- http://www.zabbix.com/rn1.8.19rc1.phpPatch, Vendor Advisory
- http://www.zabbix.com/rn2.0.10rc1.phpPatch, Vendor Advisory
- http://www.zabbix.com/rn2.2.1rc1.phpPatch, Vendor Advisory
- https://support.zabbix.com/browse/ZBX-7479Exploit, Patch
- http://www.zabbix.com/rn1.8.19rc1.phpPatch, Vendor Advisory
- http://www.zabbix.com/rn2.0.10rc1.phpPatch, Vendor Advisory
- http://www.zabbix.com/rn2.2.1rc1.phpPatch, Vendor Advisory
- https://support.zabbix.com/browse/ZBX-7479Exploit, Patch
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-6824?
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
How severe is CVE-2013-6824?
Severity scoring for CVE-2013-6824 is pending analysis. The EPSS model estimates a 2.75% probability of exploitation in the next 30 days.
How do I fix CVE-2013-6824?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2013-6824?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST