CISA adds 2 Zabbix vulnerabilities to Known Exploited Vulnerabilities Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added two Zabbix vulnerabilities to its Known Exploited Vulnerabilities Catalog based on evidence that cyber criminals are actively exploiting the vulnerabilities.

Zabbix is an open-source monitoring software solution used to monitor IT infrastructure such as networks, servers, virtual machines and cloud services.

The first vulnerability, CVE-2022-23131, is caused by unsafe client-side session storage in the Zabbix Frontend that can lead to authentication bypass and instance takeover when SAML authentication is configured.

“In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified,” Zabbix noted in the advisory.

The issue is rated Critical severity (CVSS score of 9.1) and was patched November 22, 2021. Affected Zabbix versions include 5.4.0 to 5.4.8 and 6.0.0alpha1.
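The advisory text above describes the failure mode in general terms: a login value held in client-side session data was trusted without verification. The following simplified illustration is an added example, not Zabbix's code, showing why a client-held session must have every security-relevant field covered by a server-side integrity check; the cookie layout, field names and the server secret are constructed for this example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Server-side key; a constructed value for this illustration only.
SERVER_SECRET = b"constructed-server-secret"


def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()


def _encode(data: dict) -> str:
    return base64.b64encode(json.dumps(data, sort_keys=True).encode()).decode()


def _decode(cookie: str) -> dict:
    return json.loads(base64.b64decode(cookie))


def issue_session(session_id: str, login: str) -> str:
    """Build a client-side session: base64(JSON) carrying an HMAC tag that
    covers both the session id and the login, so neither can change unnoticed."""
    data = {"sessionid": session_id, "login": login}
    data["sign"] = _sign(json.dumps(data, sort_keys=True).encode())
    return _encode(data)


def current_login_unverified(cookie: str) -> str:
    """Flawed pattern: the login is read straight from client-held data
    without confirming that the server ever vouched for it."""
    return _decode(cookie)["login"]


def current_login_verified(cookie: str) -> Optional[str]:
    """Hardened pattern: recompute the tag over the non-signature fields and
    accept the login only if it matches; any mismatch invalidates the session."""
    data = _decode(cookie)
    sign = str(data.pop("sign", ""))
    expected = _sign(json.dumps(data, sort_keys=True).encode())
    if not hmac.compare_digest(sign.encode(), expected.encode()):
        return None  # tampered or malformed session: do not trust any field
    return data["login"]


def with_modified_login(cookie: str, new_login: str) -> str:
    """Constructed test input: the same session with only the login field
    changed, to show which check catches the modification."""
    data = _decode(cookie)
    data["login"] = new_login
    return _encode(data)
```

Running both readers over a modified session shows the difference: the unverified reader returns whatever login the client wrote, while the verified reader rejects the session outright.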

The second vulnerability, CVE-2022-23134, in the Zabbix Frontend could allow an unauthenticated user to view the setup pages when a configuration file already exists. This issue is rated Low severity (CVSS score of 3.7) and was patched December 20, 2021.

Readers can also consult the full list of Zabbix security advisories published by Zabbix, as well as CISA's Zabbix alert and its Known Exploited Vulnerabilities Catalog.