CVE-2024-22122
Low
Published: 12 August 2024
Modified
03 November 2025
KEV Added
—
Patch
—
CVSS Score v3.1
3.0
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
EPSS Score
0.0044
63.5th percentile
Risk Priority
6
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2024-22122 is a low-severity Command Injection (CWE-77) vulnerability in Zabbix. Its CVSS base score is 3.0 (Low).
Operationally, it ranks in the top 36.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-19718
Vulnerability details
Zabbix allows SMS notifications to be configured. AT command injection occurs on "Zabbix Server" because the "Number" field is validated neither in the web interface nor on the Zabbix server side. An attacker can run an SMS test with a specially crafted phone number and execute additional AT commands on the modem.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
zabbix
zabbix
7.0.0 · 5.0.0 — 5.0.42 · 6.0.0 — 6.0.30 · 6.4.0 — 6.4.15
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.