CVE-2020-11800

high-risk
Published 2020-10-07

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

Do I need to act?

!
47.8% chance of exploitation in next 30 days
EPSS score — higher than 52% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (7)

Affected Vendors

Debian Zabbix Opensuse

References (10)

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html
Mailing List https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html
Vendor Advisory https://support.zabbix.com/browse/DEV-1538
Vendor Advisory https://support.zabbix.com/browse/ZBX-17600
Permissions Required https://support.zabbix.com/browse/ZBXSEC-30
Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html
Mailing List https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html
Vendor Advisory https://support.zabbix.com/browse/DEV-1538
Vendor Advisory https://support.zabbix.com/browse/ZBX-17600
Permissions Required https://support.zabbix.com/browse/ZBXSEC-30
63
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 17/34 · Moderate
Exposure 14/34 · Moderate