CVE-2017-2825
CVE-2017-2825 is a vulnerability of currently unknown severity. In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability. EPSS estimates a 4.38% chance of exploitation in the next 30 days.
Description
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zabbix | Zabbix | >= 2.4.0, <= 2.4.8 |
| Debian | Debian Linux | 8.0 |
| Debian | Debian Linux | 9.0 |
References
- http://www.securityfocus.com/bid/98094 (Third Party Advisory, VDB Entry)
- https://talosintelligence.com/vulnerability_reports/TALOS-2017-0326 (Exploit, Technical Description, Third Party Advisory)
- https://www.debian.org/security/2017/dsa-3937 (Third Party Advisory)
Source: NVD / NIST
