
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2024-36466 is a vulnerability in the Zabbix frontend that was disclosed on November 28, 2024. A flaw in session handling lets an attacker produce a zbx_session cookie that carries a valid signature, and such a forged cookie is accepted as a login with administrator permissions. Debian's security tracker lists the bookworm package, based on Zabbix 6.0.14, as affected and records the fix from its 7.0.9 package onward (Debian Tracker).
The flaw lies in the session-handling code of Zabbix's frontend component and is reached when SSO (Single Sign-On) is in use. The affected code was introduced with commit 24e7ca3c792fe3581fdb39c3f7c914c6a4c92500 in version 6.0.0alpha1, and Zabbix addressed the issue in 6.0.32rc1 and 7.0.1rc1 (Zabbix Support).
An attacker who manipulates the zbx_session cookie in this way obtains administrator-level permissions on the Zabbix frontend. Since the frontend controls the configuration of the whole monitoring system, a successful forgery puts the entire deployment at risk (NVD).
Fixed versions are 6.0.32rc1, 6.4.17rc1 and 7.0.1rc1; upgrade to these or later releases on the corresponding branch. The fixes landed in commits 6e39148b7361312f730d87e4438f692a2c39d07e (7.0.1rc1) and 48e7615d1e1e3a5f543505cc6cb0a5564a655b58 (6.0.32rc1) (Debian Tracker).
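The version facts above (introduced in 6.0.0alpha1, fixed in 6.0.32rc1, 6.4.17rc1 and 7.0.1rc1) are easy to misread because Zabbix pre-release tags sort below the final release (6.0.32rc1 precedes 6.0.32, so 6.0.31 is still affected). The following triage helper is an added example, not code from Zabbix or from this page; it parses Zabbix version strings, including Debian-style package versions such as 1:6.0.14+dfsg-1, and reports whether a given version falls inside the affected ranges. It assumes, which the text does not state, that release branches newer than 7.0 inherit the 7.0.1rc1 fix.

```python
"""Affected-version triage for CVE-2024-36466 (Zabbix zbx_session forgery).

Added example, not code from Zabbix or from the Cloud Vulnerability DB page.
It encodes the version facts given in the advisory text:
  - the vulnerable code was introduced in 6.0.0alpha1;
  - fixes landed in 6.0.32rc1, 6.4.17rc1 and 7.0.1rc1.
Assumption (not stated on the page): release branches newer than 7.0
inherit the 7.0.1rc1 fix and are treated as not affected.
"""
import re
from typing import Tuple

# Pre-release stages sort below a final release: 6.0.32rc1 < 6.0.32.
_STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL_RANK = 3
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn '7.0.1rc1' into a comparable tuple (7, 0, 1, 2, 1).

    Distribution decorations such as Debian's epoch ('1:'), '+dfsg' and
    '-1' revision are stripped first so package versions can be fed in.
    """
    core = text.strip().split(":", 1)[-1].split("+", 1)[0].split("-", 1)[0]
    m = _VERSION_RE.match(core)
    if m is None:
        raise ValueError(f"unrecognised Zabbix version: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4) is None:
        return (major, minor, patch, _FINAL_RANK, 0)
    return (major, minor, patch, _STAGE_RANK[m.group(4)], int(m.group(5)))


# Version facts from the advisory text: first affected, first fixed per branch.
INTRODUCED = parse_version("6.0.0alpha1")
FIXED_IN = {
    (6, 0): parse_version("6.0.32rc1"),
    (6, 4): parse_version("6.4.17rc1"),
    (7, 0): parse_version("7.0.1rc1"),
}


def is_affected(version: str) -> bool:
    """True if `version` lies in an affected range for CVE-2024-36466."""
    v = parse_version(version)
    if v < INTRODUCED:
        return False  # the vulnerable code did not exist before 6.0.0alpha1
    branch = (v[0], v[1])
    if branch in FIXED_IN:
        return v < FIXED_IN[branch]
    if branch > (7, 0):
        return False  # assumption: newer branches carry the 7.0.1rc1 fix
    # Branches between 6.0 and 7.0 with no fixed version listed on the page
    # (e.g. 6.2) are reported as affected, since no fix is recorded for them.
    return True


if __name__ == "__main__":
    # Constructed sample inputs, including the Debian bookworm package version.
    for v in ["5.0.40", "6.0.14", "1:6.0.14+dfsg-1", "6.0.31", "6.0.32rc1",
              "6.0.32", "6.4.16", "6.4.17", "7.0.0", "7.0.1rc1", "7.0.1", "7.2.0"]:
        print(f"{v:20s} affected={is_affected(v)}")
```

Feed it the output of `zabbix_server --version`, the frontend's reported version, or the installed package version; anything that comes back `True` needs the upgrade described above.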
Source: This report was generated using AI