An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server. CREATE(Triage):(User=admin) CVE-2023-32727 (https://nvd.nist.gov/vuln/detail/CVE-2023-32727)