CVE-2024-22121: Zabbix Agent MSI Installer Allows Non-Admin User to Access Change Option via msiexec.exe
First published: Fri Aug 09 2024(Updated: )
A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.
Credit: security@zabbix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zabbix Server | >=5.0.0<=5.0.42 | |
| Zabbix Server | >=6.0.0<=6.0.30 | |
| Zabbix Server | >=6.4.0<=6.4.15 | |
| Zabbix Server | =7.0.0-alpha1 | |
| Zabbix Server | =7.0.0-alpha2 | |
| Zabbix Server | =7.0.0-alpha3 | |
| Zabbix Server | =7.0.0-alpha4 | |
| Zabbix Server | =7.0.0-alpha5 | |
| Zabbix Server | =7.0.0-alpha6 | |
| Zabbix Server | =7.0.0-alpha7 | |
| Zabbix Server | =7.0.0-alpha8 | |
| Zabbix Server | =7.0.0-alpha9 | |
| Zabbix Server | =7.0.0-beta1 | |
| Zabbix Server | =7.0.0-beta2 | |
| Zabbix Server | =7.0.0-beta3 | |
| Zabbix Server | =7.0.0-rc1 | |
| Zabbix Server | =7.0.0-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-22121?
CVE-2024-22121 is classified as a high-severity vulnerability due to its potential impact on the integrity and availability of Zabbix Agent.
How do I fix CVE-2024-22121?
To fix CVE-2024-22121, upgrade to the latest patched version of the Zabbix Agent application as recommended in the security release notes.
What versions of Zabbix are affected by CVE-2024-22121?
CVE-2024-22121 affects Zabbix versions between 5.0.0 and 5.0.42, as well as 6.0.0 to 6.0.30 and 6.4.0 to 6.4.15, along with multiple alpha, beta, and release candidate versions of 7.0.
Can non-admin users exploit CVE-2024-22121?
Yes, non-admin users can exploit CVE-2024-22121 to change or remove important features within the Zabbix Agent application.
What should I do if I am using an affected version of Zabbix?
If you are using an affected version of Zabbix, it is crucial to upgrade to a non-vulnerable version to ensure the security and functionality of your application.
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/zabbix
- canonical/zabbix server
- version/zabbix server/5.0.0
- version/zabbix server/5.0.42
- version/zabbix server/6.0.0
- version/zabbix server/6.0.30
- version/zabbix server/6.4.0
- version/zabbix server/6.4.15
- version/zabbix server/7.0.0-alpha1
- version/zabbix server/7.0.0-alpha2
- version/zabbix server/7.0.0-alpha3
- version/zabbix server/7.0.0-alpha4
- version/zabbix server/7.0.0-alpha5
- version/zabbix server/7.0.0-alpha6
- version/zabbix server/7.0.0-alpha7
- version/zabbix server/7.0.0-alpha8
- version/zabbix server/7.0.0-alpha9
- version/zabbix server/7.0.0-beta1
- version/zabbix server/7.0.0-beta2
- version/zabbix server/7.0.0-beta3
- version/zabbix server/7.0.0-rc1
- version/zabbix server/7.0.0-rc2