CISA warns of actively exploited vulnerabilities in Zabbix servers
A notification from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that threat actors are exploiting vulnerabilities in Zabbix, an open-source tool for monitoring networks, servers, virtual machines, and cloud services.
The agency is asking federal agencies to patch any Zabbix servers against security issues tracked as CVE-2022-23131 and CVE-2022-23134, to avoid "significant risk" from malicious cyber actors.
The National Cyber Security Center in the Netherlands warns that the vulnerability is being actively exploited and that it can allow remote code execution with root privileges.
The Ukrainian Computer Emergency Response Team also published a warning about the risk of leaving Zabbix servers unpatched against the two vulnerabilities, especially CVE-2022-23131.
The two vulnerabilities were discovered by researchers from SonarSource, who published their findings in a technical report earlier this month, noting that exploiting CVE-2022-23131 is "straightforward, especially since the Zabbix Web Frontend is automatically configured with a highly-privileged user named Admin."
CISA has added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, which lists flaws that represent a frequent attack vector, and is asking federal agencies to install available patches by March 8.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-13 | CVE-2022-23134 | Improper Authentication vulnerability in multiple products. After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. | 5.3 |
2022-01-13 | CVE-2022-23131 | Authentication Bypass by Spoofing vulnerability in Zabbix. In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. | 9.8 |