CVE-2013-3628: 
Zabbix Server vulnerability analysis and mitigation

CVE-2013-3628 is an authenticated remote command execution vulnerability affecting Zabbix version 2.0.9. The vulnerability was discovered and disclosed in October 2013. The issue allows an authenticated administrator to execute arbitrary commands on the Zabbix host system through the script creation functionality (Rapid7 Blog, ExploitDB).

The vulnerability exists in Zabbix's script creation functionality where an authenticated administrator can create scripts that will be run on hosts. An attacker can create a script containing malicious payload, then create a host with an IP of 127.0.0.1, and execute the arbitrary script on the Zabbix host system. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

Successful exploitation of this vulnerability allows an authenticated attacker to execute arbitrary commands with system privileges on the Zabbix host system. This could lead to complete system compromise, including the ability to read sensitive data, modify system configurations, or use the compromised system as a pivot point for further network attacks (ExploitDB).

The vendor has marked this as 'wontfix' as it is considered intended functionality for administrators to be able to execute scripts on the system. Organizations using Zabbix should ensure that administrative access is strictly controlled and monitored. Additionally, implementing network segmentation and access controls to limit who can reach the Zabbix interface is recommended (Rapid7 Blog).