
[CVE-2022-23131] Unsafe Session Storage Leading to Authentication Bypass in Zabbix Frontend

Severity: HIGH

CVE Score: 9.1

CVE-2022-23131: Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML

On instances where SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because the user login stored in the session was not verified. Impact: privilege escalation and admin access to the Zabbix Frontend.

A public PoC is in the wild and attackers are scanning for exposed Zabbix Web Frontends.

Affected versions:
Zabbix Web Frontend: 5.4.0 - 5.4.8, 6.0.0alpha1, and 4.0.36

Mitigation:
- Upgrade Zabbix Web Frontend to 6.0.0beta2, 5.4.9, 5.0.19 or 4.0.37

- Restrict access to the Zabbix Web Frontend to local networks, VPN, or a dedicated access (jump) server.
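To check an instance's frontend version against the affected and fixed releases listed above, here is an added Python helper (not code from VNG Cloud or the Zabbix project). It encodes only the versions this advisory lists, orders Zabbix pre-release tags (alpha, beta, rc) before the final release, and returns "unknown" for any version the advisory does not cover.

```python
import re
from typing import Tuple

# Version data as listed in the advisory above (affected and fixed releases).
AFFECTED_RANGES = [("5.4.0", "5.4.8")]          # inclusive
AFFECTED_EXACT = ["6.0.0alpha1", "4.0.36"]
FIXED_RELEASES = ["6.0.0beta2", "5.4.9", "5.0.19", "4.0.37"]

# Zabbix pre-release tags sort before the final release: alpha < beta < rc < release.
_PRE_ORDER = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL = 9  # sentinel for a final release (no pre-release tag)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?$")


def parse_version(s: str) -> Tuple[int, int, int, int, int]:
    """Parse '6.0.0alpha1' or '5.4.8' into a tuple that sorts in release order."""
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version string: {s!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    if m.group(4):
        return (major, minor, patch, _PRE_ORDER[m.group(4)], int(m.group(5)))
    return (major, minor, patch, _FINAL, 0)


def classify(version: str) -> str:
    """Return 'affected', 'fixed', or 'unknown' for a Zabbix frontend version.

    'unknown' means the advisory lists neither this version as affected nor a
    fixed release in the same major.minor line that it is at or beyond, so it
    must be checked against the vendor advisory rather than assumed safe.
    """
    v = parse_version(version)
    if any(v == parse_version(x) for x in AFFECTED_EXACT):
        return "affected"
    if any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES):
        return "affected"
    for fixed in FIXED_RELEASES:
        f = parse_version(fixed)
        if v[:2] == f[:2] and v >= f:  # same release line, at or past the fix
            return "fixed"
    return "unknown"


if __name__ == "__main__":
    for ver in ["5.4.8", "5.4.9", "6.0.0alpha1", "6.0.0beta2", "4.0.36", "5.0.18"]:
        print(f"{ver:12} -> {classify(ver)}")
```

The version string to feed in is the one the frontend reports (for example in the page footer of the web UI).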

References:
https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage

https://portswigger.net/daily-swig/critical-vulnerabilities-in-zabbix-web-frontend-allow-authentication-bypass-code-execution-on-servers

https://www.zabbix.com/security_advisories