Zabbix vulnerabilities added to CISA catalog

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

Two Zabbix vulnerabilities have been added to the US Cybersecurity Infrastructure and Security Agency’s catalog of known exploited vulnerabilities. 

Federal civilian agencies have until March 8 to patch CVE-2022-23131 and CVE-2022-23134 — a Zabbix Frontend authentication bypass vulnerability and a Zabbix Frontend improper access control vulnerability. Zabbix is a popular open-source monitoring platform. 

Patches for the issues were released in December. Zabbix explained that in the case of instances “where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.”

“Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default),” Zabbix said. 

“To remediate this vulnerability, apply the updates listed in the ‘Fixed Version’ section to appropriate products or if an immediate update is not possible, follow the presented below workarounds.” 

Zabbix credited SonarSource’s Thomas Chauchefoin for discovering and reporting the issue. SonarSource released its own blog on the vulnerabilities where Chauchefoin goes into detail about the intricacies of the issue. He discovered it in November and noted that the initial patch proposed by Zabbix was able to be bypassed. 

BluBracket’s Casey Bisson explained that Zabbix is broadly used by businesses of all sizes to monitor servers and network equipment everywhere from

Read more

Explore the site

More from the blog

Latest News