Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
New line injection in Zabbix SNMP traps
Vulnerability Description
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
Zabbix 安全漏洞
Vulnerability Description
Zabbix是Zabbix公司的一套开源的监控系统。该系统支持网络监控、服务器监控、云监控和应用监控等。 Zabbix 6.0.0至6.0.34版本、6.4.0至6.4.19版本和7.0.0至7.0.2版本存在安全漏洞,该漏洞源于攻击者可构造带有额外信息行的SNMP陷阱,致使伪造数据显示在Zabbix UI中。
CVSS Information
N/A
Vulnerability Type
N/A