CVE-2022-23131

CRITICALCISA KEV

9.1

Beschreibung

In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).

CVE Details

CVSS v3.1 Bewertung9.1

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht1/13/2022

Zuletzt geandert10/30/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerZabbix

ProduktFrontend

SchwachstellennameZabbix Frontend Authentication Bypass Vulnerability

KEV Aufnahmedatum2022-02-22

Behebungsfrist2022-03-08

Ransomware-NutzungUnknown

Betroffene Produkte

zabbix:zabbix

Schwachen (CWE)

CWE-290CWE-290

Referenzen

https://support.zabbix.com/browse/ZBX-20350(security@zabbix.com)

https://support.zabbix.com/browse/ZBX-20350(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23131(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.