← Volver a CVEs
CVE-2022-23131
CRITICALCISA KEV9.1
Descripcion
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
Detalles CVE
Puntuacion CVSS v3.19.1
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/13/2022
Ultima modificacion10/30/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorZabbix
ProductoFrontend
Nombre vulnerabilidadZabbix Frontend Authentication Bypass Vulnerability
Fecha inclusion KEV2022-02-22
Fecha limite remediacion2022-03-08
Uso en ransomwareUnknown
Productos afectados
zabbix:zabbix
Debilidades (CWE)
CWE-290CWE-290
Referencias
https://support.zabbix.com/browse/ZBX-20350(security@zabbix.com)
https://support.zabbix.com/browse/ZBX-20350(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23131(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.