Cyber Resilience

CVE-2024-22122

Low

Published: 12 August 2024

Published
12 August 2024
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 3.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
EPSS Score 0.0044 63.5th percentile
Risk Priority 6 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-22122 is a low-severity Command Injection (CWE-77) vulnerability in Zabbix Zabbix. Its CVSS base score is 3.0 (Low).

Operationally, ranked in the top 36.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and…

more

execute additional AT commands on modem.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

zabbix
zabbix
7.0.0 · 5.0.0 — 5.0.42 · 6.0.0 — 6.0.30 · 6.4.0 — 6.4.15

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References