VYPR
Unrated severityNVD Advisory· Published Dec 31, 2009· Updated Jun 16, 2026

CVE-2009-4502

CVE-2009-4502

Description

The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • Zabbix/Zabbix9 versions
    cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*range: <=1.6.6
    • cpe:2.3:a:zabbix:zabbix:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.4.6:*:*:*:*:*:*:*
  • Zabbix/Agentllm-create
    Range: <1.6.7

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.