Detections
Analytics

ZABBIX Multiple Overflows

high Nessus Network Monitor Plugin ID 3788

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote server is running ZABBIX, an open-source tool that is used to manage network devices. This version of ZABBIX is vulnerable to a flaw in the way that it handles agent data. An attacker spoofing an agent would be able to exploit a number of flaws that would give the attacker the rights of the ZABBIX server.

Solution

No solution is known at this time.

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391388

Plugin Details

Severity: High

ID: 3788

Family: CGI

Published: 10/10/2006

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:zabbix:zabbix

Reference Information

CVE: CVE-2006-6692, CVE-2006-6693

BID: 20416