Windows Server 2022 Datacenter (Japanese)
Windows Server 2019 Datacenter (Japanese)
Sprint 95 (Dec 2022)
Synopsis: Zabbix Agent installer adds “allow all TCP any any” firewall rule
Description: A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
CVSS score: 6.5
Zabbix Severity: Medium
Known Attack Vectors: An attacker can connect to all TCP services running on the machine with Zabbix Agent
Resolution: To remediate this vulnerability, apply the updates listed in the 'Fixed Version' section to appropriate products or use the workaround
Workarounds: If an immediate update is not possible, change the applied local firewall rule to allow the agent port only.
Steps to reproduce:
- Download Agent 1 or Agent 2 (Does not Matter)
1. Windows-Any-amd64-6.0 LTS-OpenSSL-MSI
- Install with Default Options
- Set Server and Proxy Server to Zabbix Server IP
- Check Firewall Rules (Seen in both Domain and Non-Domain)
Have Only tested 6.0.10,6.0.11,6.2.15. Others can test other versions and platforms.
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall.
Allow Agent Port Number only.
- depends on
ZBX-21972 TLSPSKVALUE doesn't work in silent mode