216.73.217.80

CVE-2024-22122

· Published 12/08/2024 13:38 · Modified 12/08/2024 13:41

Labels: CVE-2024-22122 2024-08-12CVE-2024-22122CWE-77[email protected]

Essential information

Published
12/08/2024 13:38
Modified
12/08/2024 13:41
Author
Creator
CVSS
3.0 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N

CVSS metrics

Description

Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

References