Lucene search

Ubuntu.comUB:CVE-2022-43515

HistoryDec 05, 2022 - 12:00 a.m.

CVE-2022-43515

2022-12-0500:00:00

ubuntu.com

zabbix frontend

ip restriction

bypass

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.8%

JSON

Zabbix Frontend provides a feature that allows admins to maintain the
installation and ensure that only certain IP addresses can access it. In
this way, any user will not be able to access the Zabbix Frontend while it
is being maintained and possible sensitive data will be prevented from
being disclosed. An attacker can bypass this protection and access the
instance using IP address not listed in the defined range.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchzabbix< anyUNKNOWN
ubuntu22.04noarchzabbix< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	zabbix	< any	UNKNOWN
ubuntu	22.04	noarch	zabbix	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2022-43515

nvd.nist.gov/vuln/detail/CVE-2022-43515

security-tracker.debian.org/tracker/CVE-2022-43515

support.zabbix.com/browse/ZBXSEC-125

www.cve.org/CVERecord?id=CVE-2022-43515

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.8%

JSON

Related for UB:CVE-2022-43515