{"vulnerability": "CVE-2022-23134", "sightings": [{"uuid": "c8a7b6e7-52d6-494b-ae1e-c44bec1a6b86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23134", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "65750397-e4c2-41f2-b80c-bf9b576a3627", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23134", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971262", "content": "", "creation_timestamp": "2024-12-24T20:26:41.098091Z"}, {"uuid": "d24335e1-cdf5-40d6-a748-627274564da8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23134", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:35.000000Z"}, {"uuid": "10f35d6e-1266-4c68-8e94-7078692cd810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23134", "type": "seen", "source": "https://t.me/arpsyndicate/1028", "content": "#ExploitObserverAlert\n\nCVE-2022-23134\n\nDESCRIPTION: Exploit Observer has 11 entries related to CVE-2022-23134. After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.\n\nFIRST-EPSS: 0.202480000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2023-12-03T21:02:10.000000Z"}, {"uuid": "c665e3fb-254a-4682-828e-74589794bc98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23134", "type": "seen", "source": "https://threatintel.cc/2025/09/23/cisa-warns-of-attacks-exploiting.html", "content": "", "creation_timestamp": "2025-09-23T11:47:00.000000Z"}, {"uuid": "ec407965-44ac-4c77-b207-bd9defa20c73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-23134", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/86a27fba-cd3f-4832-b08b-df3ac3ac9dfb", "content": "", "creation_timestamp": "2026-02-02T12:28:22.626451Z"}, {"uuid": "20744d6b-2d38-4865-8506-a003d6c4ce1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23134", "type": "exploited", "source": "https://t.me/cKure/8851", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CISA Alerts on Actively Exploited Flaws in Zabbix; an open-source Network Monitoring Platform.\n\n\u25aa\ufe0eCVE-2022-23131: Zabbix Frontend Authentication Bypass Vulnerability.\n\n\u25aa\ufe0eCVE-2022-23134: Zabbix Frontend Improper Access Control Vulnerability.\n\nhttps://www.cisa.gov/uscert/ncas/current-activity/2022/02/22/cisa-adds-two-known-exploited-vulnerabilities-catalog\n\nhttps://thehackernews.com/2022/02/cisa-alerts-on-actively-exploited-flaws.html", "creation_timestamp": "2022-02-24T16:05:51.000000Z"}, {"uuid": "26e21b75-268f-4cf2-ae97-df2ee16a8cb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23134", "type": "published-proof-of-concept", "source": "Telegram/S7-40of6B8lzJ7CVZzuUb0J5KbLtJ2xTFGhEBSuaewMtr4I", "content": "", "creation_timestamp": "2025-03-23T10:00:05.000000Z"}, {"uuid": "369e4313-140e-4b2a-92f3-5bab2d36e85a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23134", "type": "exploited", "source": "https://t.me/true_secator/2673", "content": "\u200b\u200b\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 CVE-2022-23131 \u0438 CVE-2022-23134 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435. \u0420\u0435\u0447\u044c \u0438\u0434\u0435\u0442 \u043e Zabbix - \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0441\u0435\u0442\u0435\u0439, \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432, \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u0438 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0434\u0430\u043d\u043d\u044b\u043c CISA, \u043e\u0434\u043d\u0430 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438\u043c\u0435\u0435\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 9,1 \u0438\u0437 10.\n\n\u0414\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0438\u0437 SonarSource \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u044b \u0432\u00a0\u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u043e\u0442\u0447\u0435\u0442\u0435 \u043f\u043e\u0447\u0442\u0438 \u043c\u0435\u0441\u044f\u0446 \u043d\u0430\u0437\u0430\u0434.\n\nCVE-2022-23131 \u043d\u0435\u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430 \u0441 Zabbix Frontend. \u0411\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0435\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0441 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u043c \u044f\u0437\u044b\u043a\u043e\u043c \u0440\u0430\u0437\u043c\u0435\u0442\u043a\u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 SAML (\u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0449\u0438\u0439 \u0435\u0434\u0438\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (\u0435\u0434\u0438\u043d\u044b\u0439 \u0432\u0445\u043e\u0434), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u043e\u0431\u043c\u0435\u043d \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u043c\u0435\u0436\u0434\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u043c \u0443\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u0435\u043d\u0438\u0439 \u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u043c \u0443\u0441\u043b\u0443\u0433). \n\n\u0415\u0441\u043b\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f SAML SSO \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 (\u043d\u0435 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e), \u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u0435\u0430\u043d\u0441\u0430 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043b\u043e\u0433\u0438\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0439 \u0432 \u0441\u0435\u0430\u043d\u0441\u0435, \u043d\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f.\u00a0\u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u043a \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0443 Zabbix.\n\n21 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0432\u0443\u044e\u0449\u0438\u0439 PoC. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u041d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0439 \u0446\u0435\u043d\u0442\u0440 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u041d\u0438\u0434\u0435\u0440\u043b\u0430\u043d\u0434\u0430\u0445\u00a0\u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 root.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-23134 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043d\u0435\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0435\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0444\u0430\u0439\u043b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 (\u0441\u043a\u0440\u0438\u043f\u0442 setup.php) \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u0430\u043d\u0435\u043b\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438\u00a0Zabbix\u00a0\u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f (\u0432\u0435\u0440\u0441\u0438\u0438 5.4.9, 5.0.9 \u0438 4.0.37), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0440\u0435\u0448\u0430\u044e\u0442 \u043e\u0431\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c, \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0438\u0445, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438. \u0421\u0430\u043c\u0438 \u043e\u0446\u0435\u043d\u0438\u0442\u0435 \u043d\u0430\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043f\u0440\u043e\u0441\u0442\u043e\u0439 \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c", "creation_timestamp": "2022-02-25T18:16:00.000000Z"}, {"uuid": "195c9cd1-766c-490c-bd13-24a900d2b29a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23134", "type": "seen", "source": "https://t.me/cibsecurity/35418", "content": "\u203c CVE-2022-23134 \u203c\n\nAfter the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-13T18:18:35.000000Z"}, {"uuid": "d6b921bb-b3cb-42e7-8a72-395c7b7aba09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23134", "type": "exploited", "source": "https://t.me/thehackernews/1917", "content": "U.S. cybersecurity agency CISA is warning companies about two actively exploited vulnerabilities affecting the widely used open-source Zabbix enterprise monitoring platform.\n\n\u2705 CVE-2022-23131\n\u2705 CVE-2022-23134\n\nDetails: https://thehackernews.com/2022/02/cisa-alerts-on-actively-exploited-flaws.html", "creation_timestamp": "2022-02-24T13:18:32.000000Z"}]}