Possible view of the setup pages by unauthenticated users if config file already exists
CVE-2022-23134

5.3MEDIUM

Key Information:

Vendor: Zabbix
Status: Frontend
Vendor: CVE Published:; 13 January 2022

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 90%🦅 CISA Reported

What is CVE-2022-23134?

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

CISA has reported CVE-2022-23134

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2022-23134 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

Frontend 5.4.0 - 5.4.8

Frontend 5.4.9 < 5.4.9*

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2022-23134-poc-and-writeup
Created by TheN00bBuilder