CVE-2022-23134
PUBLISHED
KEV
CVSS 3.7 LOW
After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. A malicious actor can pass the step checks and potentially change the configuration of Zabbix Frontend.
EPSS 92.61% · 99.8th percentile
Risk Scores
CVSS 3.1: 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 92.61% (99.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| debian | debian_linux | 9.0 |
| zabbix | zabbix | 6.0.0, 6.0.0, 6.0.0 |
| Zabbix | Frontend | 5.4.9, 5.4.0 - 5.4.8 |
| fedoraproject | fedora | 34, 35 |
Exploit Intelligence
- Writeup and POC for CVE-2022-23134 (github-poc-repo)
- Writeup and POC for CVE-2022-23134 (github-poc-repo)
- Writeup and POC for CVE-2022-23134 (github-poc-repo)
- Writeup and POC for CVE-2022-23134 (github-poc-repo)
- Writeup and POC for CVE-2022-23134 (github-poc-repo)
- Writeup and POC for CVE-2022-23134 (github-poc-repo)
- Writeup and POC for CVE-2022-23134 (github-poc-repo)
- Writeup and POC for CVE-2022-23134 (github-poc)
- Writeup and POC for CVE-2022-23134 (github-poc)
- Writeup and POC for CVE-2022-23134 (github-poc)
…and 45 more exploits
Timeline
- Jan 13, 2022 CVE Published
- Feb 8, 2022 EPSS Score
- Feb 22, 2022 CISA KEV Added
- Mar 25, 2023 EPSS Score
- May 30, 2023 EPSS Score
- Jun 14, 2023 PoC Published
- Jun 26, 2023 EPSS Score
- Jun 28, 2023 EPSS Score
- Aug 6, 2023 EPSS Score
- Oct 18, 2023 EPSS Score
- Nov 8, 2023 EPSS Score
- Nov 16, 2023 EPSS Score
References
- https://support.zabbix.com/browse/ZBX-20384 url
- FEDORA-2022-dfe346f53f vendor-advisory
- FEDORA-2022-1a667b0f90 vendor-advisory
- [debian-lts-announce] 20220207 [SECURITY] [DLA 2914-1] zabbix security update mailing-list
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23134 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-23134 advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7 url