Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-5572 — Zabbix vulnerability

CWE-2648 documents6 sources

Severity

3.5LOWNVD

EPSS

7.8%

top 8.00%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zabbix Debian Zabbix

Timeline

PublishedOct 1

Latest updateMay 17

Description

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/zabbix< zabbix 1:2.2.2+dfsg-1 (bookworm)

▶Debianzabbix/zabbix< 1:2.2.2+dfsg-1+3

▶NVDzabbix/zabbix2.0.5

🔴Vulnerability Details

GHSA

GHSA-c47p-v2q9-c4rg: Zabbix 2↗2022-05-17

▶

OSV

CVE-2013-5572: Zabbix 2↗2013-10-01

▶

💥Exploits & PoCs

Exploit-DB

Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure (Metasploit)↗2015-02-23

▶

📋Vendor Advisories

Debian

CVE-2013-5572: zabbix - Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind passwor...↗2013

▶

💬Community

Bugzilla

CVE-2013-5572 zabbix: password leakage [epel-all]↗2013-10-01

▶

Bugzilla

CVE-2013-5572 zabbix: password leakage [fedora-all]↗2013-10-01

▶

Bugzilla

CVE-2013-5572 zabbix: password leakage↗2013-10-01

▶