The Cybersecurity and Infrastructure Security Agency (CISA) has added two Zabbix vulnerabilities to its Known Exploited Vulnerabilities Catalog based on evidence that cyber criminals are actively exploiting the vulnerabilities.
Zabbix is an open-source monitoring software solution used to monitor IT infrastructure such as networks, servers, virtual machines and cloud services.
The first vulnerability, CVE-2022-23131, is caused by unsafe client-side session storage, leading to authentication bypass and instance takeover via the Zabbix Frontend when SAML is configured.
“In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified,” Zabbix noted in the advisory.
The issue is rated Critical severity (CVSS score of 9.1) and was patched November 22, 2021. Affected Zabbix versions include 5.4.0 to 5.4.8 and 6.0.0alpha1.
The second vulnerability, CVE-2022-23134, in the Zabbix Frontend could allow an unauthenticated user to view the setup pages if a configuration file already exists. This issue is rated Low severity (CVSS score of 3.7) and was patched December 20, 2021.
Readers can also check out the full list of Zabbix security advisories, as well as CISA’s Zabbix alert and the Known Exploited Vulnerabilities Catalog.