CVE-2023-32728 – Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin

https://notcve.org/view.php?id=CVE-2023-32728

18 Dec 2023 — The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution. La clave del elemento Zabbix Agent 2 smart.disk.get no sanitiza sus parámetros antes de pasarlos a un comando de shell, lo que resulta en una posible vulnerabilidad de ejecución remota de código. • https://support.zabbix.com/browse/ZBX-23858 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •