CVE-2024-22123: 
Zabbix Server vulnerability analysis and mitigation

A vulnerability in Zabbix (CVE-2024-22123) was discovered affecting versions 5.0.0 through 5.0.42, 6.0.0 through 6.0.30, 6.4.0 through 6.4.15, and 7.0.0alpha1 through 7.0.0. The vulnerability allows setting SMS media to specify a GSM modem file, which is later used as a Linux device. Due to Linux's "everything is a file" principle, it's possible to set alternative files like log files, leading to potential data exposure (Zabbix Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 2.7 (Low) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N. It is classified as CWE-94 (Improper Control of Generation of Code). The issue stems from the SMS media functionality where the system attempts to communicate with specified files as if they were modems, potentially leading to file corruption and information leakage (NVD).

The vulnerability's impact is considered low, primarily allowing attackers to partially corrupt Zabbix log files and potentially read small, uncontrolled portions of the log content. In cases where the Zabbix server runs with elevated privileges, there might be potential for denial of service attacks (Zabbix Advisory).

The vulnerability has been fixed in Zabbix versions 5.0.43rc1, 6.0.31rc1, 6.4.16rc1, and 7.0.0rc3. Users are strongly advised to upgrade to these or newer versions to mitigate the vulnerability (Debian Security).