CVE-2022-43516 — Zabbix vulnerability

CWE-164 documents4 sources

Severity

9.8CRITICALNVD

EPSS

4.5%

top 10.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Zabbix Agent Zabbix Agent 2 +1 more

Timeline

PublishedDec 5

Description

A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5zabbix/zabbix_agentOct. 29, 2022 - Dec 2, 2022

▶CVEListV5zabbix/zabbix_agent_2Oct. 29, 2022 - Dec 2, 2022

▶NVDzabbix/zabbix6.0.10 — 6.0.12+3

▶debiandebian/zabbix

Patches

Patch: support.zabbix.com ↗Patch: support.zabbix.com ↗

🔴Vulnerability Details

OSV

CVE-2022-43516: A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix↗2022-12-05

▶

GHSA

GHSA-wpfh-pv35-c3gc: A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix↗2022-12-05

▶

📋Vendor Advisories

Debian

CVE-2022-43516: zabbix - A Firewall Rule which allows all incoming TCP connections to all programs from a...↗2022

▶