CVE-2022-23134 vulnerability in Zabbix and Other Products
Published on January 13, 2022
Known Exploited Vulnerability
This Zabbix Frontend Improper Access Control Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend.
The following remediation steps are recommended / required by March 8, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2022-23134 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). An exploit of this vulnerability is considered to have no impact on confidentiality, no impact on integrity, and no impact on availability.
What is an Authentication Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2022-23134 has been classified as an authentication vulnerability or weakness.
Products Associated with CVE-2022-23134
What versions are vulnerable to CVE-2022-23134?
- Zabbix Version 6.0.0 alpha2
- Zabbix Version 6.0.0 alpha3
- Zabbix Version 6.0.0 alpha4
- Zabbix Version 6.0.0 alpha5
- Zabbix Version 6.0.0 alpha6
- Zabbix Version 6.0.0 alpha7
- Zabbix Version 6.0.0 beta1
- Zabbix Version 5.4.0 through 5.4.8
- Zabbix Version 6.0.0 alpha1
- Fedora Project Fedora Version 34
- Fedora Project Fedora Version 35
- Debian Linux Version 9.0