CVE-2024-42332 LOW

CVE-2024-42332: New line injection in Zabbix SNMP traps

Vendor Zabbix
Product Zabbix
Published November 27, 2024
Last update November 3, 2025

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.

Key dates

02Disclosure timeline

November 27, 2024 CVE published
November 3, 2025 Record updated