CVE-2024-22122 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-22122 Interim 1 5 2025-02-16T01:36:48Z current 2024-08-16T23:16:17Z 2025-02-16T01:36:48Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-22122 Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server Teradata 12 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP5 zabbix zabbix-agent zabbix as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 zabbix-agent as a component of SUSE Linux Enterprise Server 12 SP4-LTSS zabbix as a component of SUSE Linux Enterprise Server 12 SP4-LTSS zabbix-agent as a component of SUSE Linux Enterprise Server 12 SP5 zabbix as a component of SUSE Linux Enterprise Server 12 SP5 zabbix as a component of SUSE Linux Enterprise Server Teradata 12 SP3 zabbix as a component of SUSE Linux Enterprise Server Teradata 12 SP3-LTSS zabbix as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem. CVE-2024-22122 SUSE Linux Enterprise High Performance Computing 12 SP5:zabbix SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix-agent SUSE Linux Enterprise Server 12 SP5:zabbix SUSE Linux Enterprise Server 12 SP5:zabbix-agent SUSE Linux Enterprise Server Teradata 12 SP3-LTSS:zabbix SUSE Linux Enterprise Server Teradata 12 SP3:zabbix SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix low 3 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N