Home > Vulnerability Database > CVE-2024-22122

Mend.io Vulnerability Database

CVE-2024-22122

Date: August 9, 2024

Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.

Language: C

Severity Score

3.0

Related Resources (3)

Url: https://support.zabbix.com/browse/ZBX-25012

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-22122

Url: https://www.mend.io/vulnerability-database/CVE-2024-22122

Severity Score

3.0

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

CVSS v3.1

Base Score:	3.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-22122

Date: August 9, 2024

Language: C

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?