All the vulnerabilites related to Zabbix - Zabbix agent (MSI packages)
cve-2022-43516
Vulnerability from cvelistv5
Published
2022-12-12 01:49
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Zabbix | Zabbix agent (MSI packages) |
Version: Oct. 29, 2022 - Dec 2, 2022 Patch: Dec 3, 2022 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zabbix.com/browse/ZBX-22002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zabbix agent (MSI packages)",
"vendor": "Zabbix",
"versions": [
{
"status": "affected",
"version": "Oct. 29, 2022 - Dec 2, 2022"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "Dec 3, 2022",
"versionType": "custom"
}
]
},
{
"product": "Zabbix agent 2 (MSI packages)",
"vendor": "Zabbix",
"versions": [
{
"status": "affected",
"version": "Oct. 29, 2022 - Dec 2, 2022"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "Dec 3, 2022",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joshua PowellNishiyama"
}
],
"datePublic": "2022-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22002"
}
],
"solutions": [
{
"lang": "en",
"value": "To remediate this vulnerability, apply the updates listed in the \u0027Unaffected\u0027 section to appropriate products or use the workaround"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Zabbix Agent installer adds \u201callow all TCP any any\u201d firewall rule",
"workarounds": [
{
"lang": "en",
"value": "If an immediate update is not possible, change the applied local firewall rule to allow the agent port only."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2022-43516",
"datePublished": "2022-12-12T01:49:10.008967Z",
"dateReserved": "2022-10-19T00:00:00",
"dateUpdated": "2024-09-16T20:22:44.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}