Zabbix Security Vulnerabilities actively exploited – Patch Now

CISA has warned of two critical security flaws on Zabbix network monitoring software which are actively bring exploited in the wild.

Along with the warning, CISA also suggests the Federal Civilian Executive Branch (FCEB) agencies to patch the systems against the vulnerabilities to decrease the chances of becoming a victims to cyberattack.

Details on the Zabbix Security Vulnerabilities

The Zabbix security vulnerabilities are tacked as CVE-2022-23132 with a CVSS score of 9.8 and CVE-2022-23134 with a CVSS score of 5.3. Any exploitation of these vulnerabilities will allow threat actors to compromise the network by enabling malicious unauthenticated actors to escalate privileges and obtain administrative privileges to Zabbix and can further modify the configurations.

A security researcher from SonarSource named Thomas Chauchefoin has been credited the discovery of the flaws affecting Zabbix network monitoring software. The affected versions include Zabbix 5.4.8 version, 5.0.18 and 4.0.36. The security flaws have been fixed in Zabbix 5.4.9, 5.0.9, and 4.0.37 versions respectively, and the fixes were released by December 2021.

As per Zabbix, the flaws were a result of unsafe session storage which allowed attackers to bypass authentication and execute arbitrary codes. And these flaws are only impacting instances with Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication is active.

Security practices to follow

Chauchefoin mentioned that it is always good to grant access to sensible services with extended internal access via VPNs or through a restricted set of IP addresses, hardening of file systems to improve data security, and erase unwanted setup scripts.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Twitter, and Reddit.

You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.