CVE-2024-42332 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-42332 Interim 1 6 2025-11-01T01:52:37Z current 2024-11-29T00:29:32Z 2025-11-01T01:52:37Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-42332 The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server Teradata 12 SP3-LTSS zabbix zabbix-agent zabbix-agent as a component of SUSE Linux Enterprise Server 12 SP4-LTSS zabbix as a component of SUSE Linux Enterprise Server 12 SP4-LTSS zabbix-agent as a component of SUSE Linux Enterprise Server 12 SP5-LTSS zabbix as a component of SUSE Linux Enterprise Server 12 SP5-LTSS zabbix as a component of SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security zabbix as a component of SUSE Linux Enterprise Server Teradata 12 SP3 zabbix as a component of SUSE Linux Enterprise Server Teradata 12 SP3-LTSS The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host. CVE-2024-42332 SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix-agent SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security:zabbix SUSE Linux Enterprise Server 12 SP5-LTSS:zabbix SUSE Linux Enterprise Server 12 SP5-LTSS:zabbix-agent SUSE Linux Enterprise Server Teradata 12 SP3-LTSS:zabbix SUSE Linux Enterprise Server Teradata 12 SP3:zabbix moderate 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N