Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:9E5A880E-E491-4C6B-AC80-599D4C4A31A4
HistoryDec 20, 2021 - 12:00 a.m.

CVE-2022-23134

2021-12-2000:00:00
attackerkb.com
45

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.258 Low

EPSS

Percentile

96.1%

JSON

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

Related

checkpoint_advisories 1
prion 1
debian 1
debiancve 1
openvas 4
alpinelinux 1
osv 2
nuclei 1
ubuntucve 1
nessus 3
cve 1
cisa_kev 1
cisa 1
thn 1
hivepro 1
fedora 2
suse 2
sonarsource 1
checkpoint_advisories
checkpoint_advisories
Zabbix Web Frontend Authentication Bypass (CVE-2022-23134)
2022-03-02 00:00:00
prion
prion
Design/Logic Flaw
2022-01-13 16:15:00
debian
debian
[SECURITY] [DLA 2914-1] zabbix security update
2022-02-07 21:48:51
debiancve
debiancve
CVE-2022-23134
2022-01-13 16:15:00
openvas
openvas
Debian: Security Advisory (DLA-2914-1)
2022-02-08 00:00:00
Fedora: Security Advisory for zabbix (FEDORA-2022-1a667b0f90)
2022-01-23 00:00:00
openSUSE: Security Advisory for zabbix (openSUSE-SU-2022:0036-1)
2022-02-18 00:00:00
alpinelinux
alpinelinux
CVE-2022-23134
2022-01-13 16:15:00
osv
osv
zabbix - security update
2022-02-07 00:00:00
CVE-2022-23134
2022-01-13 16:15:08
nuclei
nuclei
Zabbix Setup Configuration Authentication Bypass
2022-02-25 16:00:40
ubuntucve
ubuntucve
CVE-2022-23134
2022-01-13 00:00:00
nessus
nessus
Debian DLA-2914-1 : zabbix - LTS security update
2022-02-07 00:00:00
openSUSE 15 Security Update : zabbix (openSUSE-SU-2022:0036-1)
2022-02-17 00:00:00
Zabbix 5.4.x < 5.4.9 Multiple Vulnerabilities
2022-02-28 00:00:00
cve
cve
CVE-2022-23134
2022-01-13 16:15:00
cisa_kev
cisa_kev
Zabbix Frontend Improper Access Control Vulnerability
2022-02-22 00:00:00
cisa
cisa
CISA Adds Two Known Exploited Vulnerabilities to Catalog
2022-02-22 00:00:00
thn
thn
CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform
2022-02-24 12:16:00
hivepro
hivepro
Zabbix affected by two actively exploited vulnerabilities
2022-02-24 10:27:48
fedora
fedora
[SECURITY] Fedora 35 Update: zabbix-5.0.19-1.fc35
2022-01-23 01:44:38
[SECURITY] Fedora 34 Update: zabbix-5.0.19-1.fc34
2022-01-23 01:08:21
suse
suse
Security update for zabbix (moderate)
2022-02-16 00:00:00
Security update for MozillaThunderbird (important)
2022-03-01 00:00:00
sonarsource
sonarsource
Zabbix - A Case Study of Unsafe Session Storage
2022-02-16 00:00:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.258 Low

EPSS

Percentile

96.1%

JSON
Related for AKB:9E5A880E-E491-4C6B-AC80-599D4C4A31A4
checkpoint_advisories1prion1debian1debiancve1openvas4alpinelinux1osv2nuclei1ubuntucve1nessus3cve1cisa_kev1cisa1thn1hivepro1fedora2suse2sonarsource1