CVE-2017-2825

In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.

Published : 2018-04-20 21:29 Updated : 2019-10-03 00:03

6.8
CVSS Score More info
Score 6.8 / 10
6.8
Vendor Product Version URI
Zabbix Zabbix 2.4.0 cpe:/a:zabbix:zabbix:2.4.0:-
Zabbix Zabbix 2.4.0 cpe:/a:zabbix:zabbix:2.4.0:rc1
Zabbix Zabbix 2.4.0 cpe:/a:zabbix:zabbix:2.4.0:rc2
Zabbix Zabbix 2.4.0 cpe:/a:zabbix:zabbix:2.4.0:rc3
Zabbix Zabbix 2.4.1 cpe:/a:zabbix:zabbix:2.4.1:-
Zabbix Zabbix 2.4.1 cpe:/a:zabbix:zabbix:2.4.1:rc1
Zabbix Zabbix 2.4.1 cpe:/a:zabbix:zabbix:2.4.1:rc2
Zabbix Zabbix 2.4.2 cpe:/a:zabbix:zabbix:2.4.2:-
Zabbix Zabbix 2.4.2 cpe:/a:zabbix:zabbix:2.4.2:rc1
Zabbix Zabbix 2.4.3 cpe:/a:zabbix:zabbix:2.4.3:-
Zabbix Zabbix 2.4.3 cpe:/a:zabbix:zabbix:2.4.3:rc1
Zabbix Zabbix 2.4.4 cpe:/a:zabbix:zabbix:2.4.4:-
Zabbix Zabbix 2.4.4 cpe:/a:zabbix:zabbix:2.4.4:rc1
Zabbix Zabbix 2.4.5 cpe:/a:zabbix:zabbix:2.4.5:-
Zabbix Zabbix 2.4.5 cpe:/a:zabbix:zabbix:2.4.5:rc1
Zabbix Zabbix 2.4.6 cpe:/a:zabbix:zabbix:2.4.6:-
Zabbix Zabbix 2.4.6 cpe:/a:zabbix:zabbix:2.4.6:rc1
Zabbix Zabbix 2.4.7 cpe:/a:zabbix:zabbix:2.4.7:-
Zabbix Zabbix 2.4.7 cpe:/a:zabbix:zabbix:2.4.7:rc1
Zabbix Zabbix 2.4.8 cpe:/a:zabbix:zabbix:2.4.8:-
Zabbix Zabbix 2.4.8 cpe:/a:zabbix:zabbix:2.4.8:rc1
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
  1. Zabbix (1) Search CVE
    1. Zabbix (9) Search CVE
      1. 2.4.0
      2. 2.4.1
      3. 2.4.2
      4. 2.4.3
      5. 2.4.4
      6. 2.4.5
      7. 2.4.6
      8. 2.4.7
      9. 2.4.8
  2. Debian (1) Search CVE
    1. Debian Linux (2) Search CVE
      1. 8.0
      2. 9.0

CWE

There is no CWE for this CVE.

History of changes

Date Event
2019-10-03 00:03
2018-05-22 18:22
2018-04-22 01:29
2018-04-20 21:29

New CVE