CVE-2023-32727
Publication date 18 December 2023
Last updated 30 May 2025
Ubuntu priority
An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| zabbix | 25.04 plucky |
Not affected
|
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy |
Vulnerable
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.8 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |