Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Zabbix agent (MSI packages) by Zabbix
CVE-2022-43516 (GCVE-0-2022-43516)
Vulnerability from cvelistv5 – Published: 2022-12-12 01:49 – Updated: 2025-04-18 18:09
VLAI
Title
Zabbix Agent installer adds “allow all TCP any any” firewall rule
Summary
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-16 - Configuration
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zabbix | Zabbix agent (MSI packages) |
Affected:
Oct. 29, 2022 - Dec 2, 2022
Unaffected: Dec 3, 2022 , < unspecified (custom) |
|
| Zabbix | Zabbix agent 2 (MSI packages) |
Affected:
Oct. 29, 2022 - Dec 2, 2022
Unaffected: Dec 3, 2022 , < unspecified (custom) |
Date Public
2022-11-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zabbix.com/browse/ZBX-22002"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43516",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T18:08:51.614314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T18:09:22.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Zabbix agent (MSI packages)",
"vendor": "Zabbix",
"versions": [
{
"status": "affected",
"version": "Oct. 29, 2022 - Dec 2, 2022"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "Dec 3, 2022",
"versionType": "custom"
}
]
},
{
"product": "Zabbix agent 2 (MSI packages)",
"vendor": "Zabbix",
"versions": [
{
"status": "affected",
"version": "Oct. 29, 2022 - Dec 2, 2022"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "Dec 3, 2022",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joshua PowellNishiyama"
}
],
"datePublic": "2022-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00.000Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22002"
}
],
"solutions": [
{
"lang": "en",
"value": "To remediate this vulnerability, apply the updates listed in the \u0027Unaffected\u0027 section to appropriate products or use the workaround"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Zabbix Agent installer adds \u201callow all TCP any any\u201d firewall rule",
"workarounds": [
{
"lang": "en",
"value": "If an immediate update is not possible, change the applied local firewall rule to allow the agent port only."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2022-43516",
"datePublished": "2022-12-12T01:49:10.008Z",
"dateReserved": "2022-10-19T00:00:00.000Z",
"dateUpdated": "2025-04-18T18:09:22.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43516 (GCVE-0-2022-43516)
Vulnerability from nvd – Published: 2022-12-12 01:49 – Updated: 2025-04-18 18:09
VLAI
Title
Zabbix Agent installer adds “allow all TCP any any” firewall rule
Summary
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-16 - Configuration
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zabbix | Zabbix agent (MSI packages) |
Affected:
Oct. 29, 2022 - Dec 2, 2022
Unaffected: Dec 3, 2022 , < unspecified (custom) |
|
| Zabbix | Zabbix agent 2 (MSI packages) |
Affected:
Oct. 29, 2022 - Dec 2, 2022
Unaffected: Dec 3, 2022 , < unspecified (custom) |
Date Public
2022-11-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zabbix.com/browse/ZBX-22002"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43516",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T18:08:51.614314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T18:09:22.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Zabbix agent (MSI packages)",
"vendor": "Zabbix",
"versions": [
{
"status": "affected",
"version": "Oct. 29, 2022 - Dec 2, 2022"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "Dec 3, 2022",
"versionType": "custom"
}
]
},
{
"product": "Zabbix agent 2 (MSI packages)",
"vendor": "Zabbix",
"versions": [
{
"status": "affected",
"version": "Oct. 29, 2022 - Dec 2, 2022"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "Dec 3, 2022",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joshua PowellNishiyama"
}
],
"datePublic": "2022-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00.000Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22002"
}
],
"solutions": [
{
"lang": "en",
"value": "To remediate this vulnerability, apply the updates listed in the \u0027Unaffected\u0027 section to appropriate products or use the workaround"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Zabbix Agent installer adds \u201callow all TCP any any\u201d firewall rule",
"workarounds": [
{
"lang": "en",
"value": "If an immediate update is not possible, change the applied local firewall rule to allow the agent port only."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2022-43516",
"datePublished": "2022-12-12T01:49:10.008Z",
"dateReserved": "2022-10-19T00:00:00.000Z",
"dateUpdated": "2025-04-18T18:09:22.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}