CVERadar

CVE-2024-42327

Critical Severity
SVRS: 70/100
CVSSv3: NA/10
EPSS: 0.85445/1

CVE-2024-42327 is a newly identified vulnerability; a description is not yet publicly available. Given the absence of a CVSS score but a SOCRadar Vulnerability Risk Score (SVRS) of 70, this vulnerability demands attention. While not deemed "critical" (SVRS above 80), the SVRS, factoring in real-world threat intelligence, suggests potential exploitation risk. The "In The Wild" and "Exploit Available" tags indicate that exploits are already circulating, significantly increasing the risk. Without a full description, mitigation steps are challenging, but continuous monitoring and proactive threat hunting are crucial. Organizations should prioritize investigating CVE-2024-42327 as more information becomes available, especially considering active exploits exist. The significance lies in its active exploitation despite limited public details, emphasizing the need for vigilance.

In The Wild
Exploit Available
2024-11-27

SOCRadar
AI Insight

Description

CVE-2024-42327 is a newly disclosed vulnerability with no publicly available description yet. While the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) is 48, indicating a potential moderate risk. This discrepancy is attributed to the SVRS's unique approach, integrating various "Vulnerability Intelligence" elements beyond quantitative factors. This implies that while the vulnerability might not be inherently critical based on the CVSS, the SVRS suggests that it could pose a significant threat due to factors like its potential use by threat actors, availability of exploits, and presence in the wild.

Key Insights

  1. Limited Information: The lack of a detailed description for CVE-2024-42327 makes it difficult to fully assess its nature and potential impact. This highlights the importance of relying on dynamic threat intelligence platforms like SOCRadar to monitor emerging threats and receive proactive alerts.

  2. Exploit Availability: The "Exploit Available" tag indicates that active exploits have been published for CVE-2024-42327. This signifies an urgent need for immediate mitigation measures to protect systems from exploitation.

  3. In the Wild: The "In the Wild" tag confirms that CVE-2024-42327 is actively exploited by attackers in real-world attacks. This necessitates a rapid response and the implementation of robust security measures to counter ongoing threats.

  4. Threat Actors: While specific threat actors or APT groups haven't been publicly linked to CVE-2024-42327 yet, the presence of active exploits and "In the Wild" status suggests that various malicious actors might be exploiting this vulnerability.

Mitigation Strategies

  1. Immediate Patching: Prioritize patching systems with available updates and security fixes for CVE-2024-42327. This should be done as quickly as possible to minimize exposure to exploitation attempts.

  2. Network Segmentation: Implementing network segmentation can help isolate vulnerable systems and limit the potential impact of a successful attack. This can prevent attackers from spreading laterally and accessing sensitive data.

  3. Intrusion Detection and Prevention Systems (IDS/IPS): Deploy and configure effective IDS/IPS solutions to detect and prevent malicious activity related to CVE-2024-42327. This will help to identify and block exploit attempts.

  4. Threat Intelligence Monitoring: Continuously monitor threat intelligence feeds and reports from reputable sources like SOCRadar for any updates, new exploits, or indicators of compromise associated with CVE-2024-42327. This will enable proactive mitigation and response efforts.

Additional Information

For more detailed information about CVE-2024-42327, including potential impacts and mitigation strategies, users can utilize the "Ask to Analyst" feature, contact SOCRadar directly, or open a support ticket if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Zabbix 7.0.0 - SQL Injection | https://support.zabbix.com/browse/ZBX-25623 | 2025-04-16
watchdog1337/CVE-2024-42327_Zabbix_SQLI | https://github.com/watchdog1337/CVE-2024-42327_Zabbix_SQLI | 2024-12-07
compr00t/CVE-2024-42327 | https://github.com/compr00t/CVE-2024-42327 | 2024-12-03
BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE | https://github.com/BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE | 2025-01-01
godylockz/CVE-2024-42327 | https://github.com/godylockz/CVE-2024-42327 | 2025-02-16

News

Racing the Clock: Outpacing Accelerating Attacks
Irene Fuentes McDonnell, 2025-03-01
Our research reveals 2024 saw a 22% increase in attack speed compared to 2023, with the fastest incident achieving lateral movement in just 27 minutes. Key Findings: 2024 was the year cyber threats got quicker. Cyber attackers really picked up the pace, executing faster, more efficient breaches that pushed traditional
digitalshadows.com

Zabbix SQL Multiple Vulns
godylockz, 2025-02-20
Topic: Zabbix SQL Multiple Vulns Risk: Medium Text: #!/usr/bin/env python3 # -*- coding: utf-8 -*- """ This script is used to exploit CVE-2024-42327 affecting Zabbix servers to...
securityreason.com

Daily Summary - 28.11.2024
CERT.at, 2025-02-01
End-of-Day report Timeframe: Wednesday 27-11-2024 18:00 - Thursday 28-11-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a News Zello asks users to reset passwords after security incident Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach. https://www.bleepingcomputer.com/news/security/zello-asks-users-to-reset-passwords-after-security-incident/ Sneaky
cert.at

1.786
2024-12-06
Newly Added (7): Zabbix Agent CVE-2024-42327 SQL Injection Vulnerability; Mitel MiCollab CVE-2024-35286 Access Control Bypass Vulnerability; Adobe After Effects CVE-2024-20737 Out of Bounds Read Vulnerability; Adobe
fortiguard.com

Anyone else notice a lack of quality on Tenable scans?
/u/Reed_Thompson_, 2024-12-05
I have configured the scan policy, the credentials, etc. But still Nessus is not finding obviously compromised machines... I'm talking the recent PAN-OS vuln and CVE-2024-42327.
reddit.com

Top 10 Daily Cybercrime Brief by FCRF [03.12.2024]: Click here to Know More - The420.in
2024-12-03
News Content: By Important global cybercrime news has been curated by FutureCrime Researchers to keep you informed about various types of digital fraud occurring worldwide and to provide insights into the best mitigation strategies. Read below to learn more in detail. 1. Cybercrime Ring Busted in Gurugram: Rs 74 Crore Duped Nationwide Gurugram police arrested eight cybercriminals for defrauding 7,719 victims of Rs 74.2 crore nationwide over 6-8 months. Assisted by I4C, the investigation revealed 292 FIRs, including 24 in Haryana. Police seized mobile
google.com

Zabbix alert for flaw with severity 9.9
Editorial staff, 2024-12-02
A critical vulnerability has been identified in Zabbix, an open-source monitoring tool widely used by organizations to oversee networks, servers, virtual machines and cloud services. The flaw (CVE-2024-42327) allows non-administrator users with API access to perform SQL injections to gain remote, unauthorized control over vulnerable Zabbix servers. The […] Source
cisoadvisor.com.br

Social Media

Zabbix server is vulnerable to a critical severity flaw tracked as CVE-2024-42327. The vulnerability has a CVSS score of 9.9. Successful exploitation of the vulnerability may allow attackers to escalate privileges and gain complete control of vulnerable Zabbix servers. Márk
GitHub - compr00t/CVE-2024-42327: PoC for CVE-2024-42327 / ZBX-25623 - https://t.co/MyBWurgkCc
CVE-2024-42327 alert 🚨 Zabbix : SQL injection Anyone with an API access can exploit this vulnerability: An SQLi exists in the CUser class in the addRelatedObjects function, which is called from the CUser.get function. Find out more : https://t.co/k32SiEOp5x #SQL #Zabbix
🚨 Critical #SQLInjection (CVE-2024-42327) in #Zabbix affects user.get API. 👉 Any "User" role with API access can exploit it to gain full control. ✅ Fixed in 6.0.32rc1, 6.4.17rc1, 7.0.1rc1. Update now to protect data & systems! #CyberSecurity
CVE-2024-42327 A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exist… https://t.co/c0fCnISAlx
[CVE-2024-42327: CRITICAL] Zabbix frontend vulnerability alert: Non-admin user accounts with API access can exploit SQLi in CUser class, potentially breaching security. Take precautions! #cybersecurity #vulnerability https://t.co/aDNGGZmbk7 https://t.co/hWc2isCOLY

Affected Software

No affected software found for this CVE

References

No references found for this CVE

CWE Details

No CWE details found for this CVE
