CVE-2023-32727

Description

An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.

How to fix CVE-2023-32727

To remediate CVE-2023-32727, upgrade the affected package to a fixed version below.

Debian/zabbix—upgrade to 1:5.0.44+dfsg-1+deb11u1 or later

Is CVE-2023-32727 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1:5.0.44+dfsg-1+deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2023-32727