Zabbix Frontend Improper Access Control Vulnerability

Technical Severity

LOW

3.7 / 10

Minimal Risk Critical

Vector Specification

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitation Likelihood

93.10 %

Predictive Probability

Percentile Rank

99.8 th

Documented as more likely to be exploited than 99.8% of known CVEs.

Detection Date

Feb 22, 2022

Remediation Due

Mar 08, 2022

CISA Catalog Active

Threat Analysis

Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend.

Apply updates per vendor instructions.

Vendor Identity

Zabbix

Affected Product

Frontend

Ransomware Status

Campaign Use Unknown

Weakness Classification

CWE-284

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2022-23134