CVE-2024-42332
3.7
LOW
CVSS 3.1
EPSS 0.84%
Description
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.
How to fix CVE-2024-42332
To remediate CVE-2024-42332, upgrade the affected package to a fixed version below.
- —upgrade to 1:5.0.45+dfsg-1+deb11u1 or later
Is CVE-2024-42332 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:5.0.45+dfsg-1+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |