CVE-2022-23134

KEV
Published: Gen 13, 2022 Last Modified: Ott 30, 2025
ExploitDB:
Other exploit source:
Google Dorks:
LOW 3,7
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: partial
Availability: none

Description

AI Translation Available

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,9310
Percentile
1,0th
Updated

EPSS Score Trend (Last 90 Days)

284

Improper Access Control

Incomplete
Abstraction: Pillar Structure: Simple
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
Technologies: ICS/OT, Not Technology-Specific, Web Based
View CWE Details
287

Improper Authentication

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability Access Control
Potential Impacts:
Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: ICS/OT, Not Technology-Specific, Web Based
Likelihood of Exploit: High
View CWE Details
Application

Zabbix by Zabbix

Product Information
Vendor Zabbix
Product Zabbix
Version 6.0.0
cpe:2.3:a:zabbix:zabbix:6.0.0:alpha1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Zabbix by Zabbix

Product Information
Vendor Zabbix
Product Zabbix
Version Range Affected
From 5.4.0 (inclusive)
To 5.4.8 (inclusive)
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Zabbix by Zabbix

Product Information
Vendor Zabbix
Product Zabbix
Version 6.0.0
cpe:2.3:a:zabbix:zabbix:6.0.0:alpha5:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Zabbix by Zabbix

Product Information
Vendor Zabbix
Product Zabbix
Version 6.0.0
cpe:2.3:a:zabbix:zabbix:6.0.0:alpha4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fedora by Fedoraproject

Product Information
Vendor Fedoraproject
Product Fedora
Version 35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Zabbix by Zabbix

Product Information
Vendor Zabbix
Product Zabbix
Version 6.0.0
cpe:2.3:a:zabbix:zabbix:6.0.0:alpha2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fedora by Fedoraproject

Product Information
Vendor Fedoraproject
Product Fedora
Version 34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Zabbix by Zabbix

Product Information
Vendor Zabbix
Product Zabbix
Version 6.0.0
cpe:2.3:a:zabbix:zabbix:6.0.0:alpha7:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Zabbix by Zabbix

Product Information
Vendor Zabbix
Product Zabbix
Version 6.0.0
cpe:2.3:a:zabbix:zabbix:6.0.0:alpha6:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Zabbix by Zabbix

Product Information
Vendor Zabbix
Product Zabbix
Version 6.0.0
cpe:2.3:a:zabbix:zabbix:6.0.0:beta1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Zabbix by Zabbix

Product Information
Vendor Zabbix
Product Zabbix
Version 6.0.0
cpe:2.3:a:zabbix:zabbix:6.0.0:alpha3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalo…
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022…
https://lists.debian.org/debian-lts-announce/2022/02/msg000…
https://lists.debian.org/debian-lts-announce/2022/02/msg00008.html
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://support.zabbix.com/browse/ZBX-20384
https://support.zabbix.com/browse/ZBX-20384
https://lists.debian.org/debian-lts-announce/2022/02/msg000…
https://lists.debian.org/debian-lts-announce/2022/02/msg00008.html
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://support.zabbix.com/browse/ZBX-20384
https://support.zabbix.com/browse/ZBX-20384