Researchers have warned users of multiple security vulnerabilities in the Zabbix monitoring platform. Exploiting the bugs could allow an adversary to compromise an entire network. The developers have patched the flaws in the latest release.
Zabbix Platform Vulnerabilities
Zabbix is a popular open-source IT infrastructure monitoring platform. It collects metrics such as network utilization and CPU load from networks, virtual machines (VMs), cloud components, and servers. Because of these capabilities, Zabbix is widely deployed in enterprise environments, which makes it an attractive target for criminal hackers.
According to a recent post from SonarSource, its researchers found multiple flaws while analyzing the Zabbix Web Frontend for potential security risks.
Briefly, the first of these vulnerabilities is a critical security bug affecting Zabbix client-side session storage.
This vulnerability, CVE-2022-23131, is a Security Assertion Markup Language (SAML) Single Sign-On (SSO) bypass. It carries a critical severity rating with a CVSS score of 9.1. Exploiting this bug could allow an adversary to gain admin privileges on the target networks. In turn, this access could allow arbitrary code execution on Zabbix Server and Zabbix Agent.
The researchers have demonstrated this exploit in the following video.
The other vulnerability, CVE-2022-23134, is related to CVE-2022-23131 but carries only a low severity rating, with a CVSS score of 3.4. Specifically, this vulnerability allowed unauthenticated users to access setup.php. An adversary could exploit the flaw to gain high-privileged access and change Zabbix Web Frontend configuration files.
The following video demonstrates the bug in action.
SonarSource found these vulnerabilities in late 2021 and reported them to the Zabbix maintainers. However, after the developers patched the flaws, the researchers noticed that the patches could still be bypassed.
The developers therefore released a final patch in Zabbix 5.4.9, 5.0.9, and 4.0.37.
Users should update their systems to the latest software version to avoid exploitation.
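As an added example (not part of the original article or of Zabbix's own tooling), a small Python helper that classifies a reported Zabbix version against the three fixed releases named above. The banner format it parses (modelled on `zabbix_server -V` output) and the treatment of pre-release suffixes are assumptions of this example; branches the article does not mention are reported as unknown rather than safe.

```python
import re
from typing import Optional, Tuple

# Releases in which the article says the final patch shipped, keyed by
# release branch (major, minor). The trailing 1 marks a final release so
# that a pre-release of the same number sorts below it.
FIXED_VERSIONS = {
    (5, 4): (5, 4, 9, 1),
    (5, 0): (5, 0, 9, 1),
    (4, 0): (4, 0, 37, 1),
}

# major.minor.patch with an optional pre-release suffix (alpha1, beta2, rc1).
# Assumption: this matches how Zabbix labels its releases.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(alpha\d+|beta\d+|rc\d+)?")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract (major, minor, patch, is_final) from a version string or a
    banner such as the constructed sample "zabbix_server (Zabbix) 5.0.8".
    Returns None when no version is present."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    major, minor, patch = (int(part) for part in match.groups()[:3])
    is_final = 0 if match.group(4) else 1
    return (major, minor, patch, is_final)


def assess(text: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for the given version text.
    'unknown' covers unparsable input and branches not listed above."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown"
    return "patched" if version >= fixed else "vulnerable"
```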