CVE-2023-32728: Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin

4.6 CVSS

Description

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.

Classification

CVE ID: CVE-2023-32728

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.6

Affected Products

Vendor: Zabbix

Product: Zabbix

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.24% (probability of being exploited)

EPSS Percentile: 61.84% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://support.zabbix.com/browse/ZBX-23858

Timeline

2024-11-28 00:11:10 UTC
CVE

Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin