-
Defect (Security)
-
Resolution: Fixed
-
Critical
-
6.0.10, 6.2.5
-
Windows Server 2022 Datacenter (Japanese)
Windows Server 2019 Datacenter (Japanese)
-
Sprint 95 (Dec 2022)
-
1
ID: ZBV-2022-12-1
CVE: CVE-2022-43516
Synopsis: Zabbix Agent installer adds “allow all TCP any any” firewall rule
Description: A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
CVSS score: 6.5
Zabbix Severity: Medium
Known Attack Vectors: An attacker can connect to all TCP services running on the machine with Zabbix Agent
Resolution: To remediate this vulnerability, apply the updates listed in the 'Fixed Version' section to appropriate products or use the workaround
Workarounds: If an immediate update is not possible, change the applied local firewall rule to allow the agent port only.
--------
Steps to reproduce:
- Download Agent 1 or Agent 2 (does not matter)
  1. Windows-Any-amd64-6.0 LTS-OpenSSL-MSI
  2. Windows-Any-amd64-6.2-OpenSSL-MSI
- Install with Default Options
- Set Server and Proxy Server to Zabbix Server IP
- Install
- Check Firewall Rules (seen in both Domain and Non-Domain)
Have only tested 6.0.10, 6.0.11, 6.2.15. Others can test other versions and platforms.
Result:
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall.
See Screenshot
Expected:
Allow Agent Port Number only.
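
One way to check a host for the rule described above and apply the workaround, as an added example that is not part of the original report or Zabbix's own tooling. It assumes the agent listens on the default port 10050. Because the report does not give the rule's name, the script finds candidates by their properties; `$AgentPort` and `$RestrictRule` are parameter names chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example. Without -RestrictRule the script only reports candidates.
param(
    [int]$AgentPort = 10050,    # assumption: default agent ListenPort
    [string]$RestrictRule       # Name (not DisplayName) of the one rule to narrow
)

function Test-IsAny($Value) {
    # Filter properties are strings or string arrays; 'Any' means unrestricted.
    $items = @($Value)
    return ($items.Count -eq 1) -and ($items[0] -eq 'Any')
}

# Enabled inbound allow rules that match the description in the report:
# TCP, all local ports, all programs and services, any remote address.
$overBroad = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        $svc  = $_ | Get-NetFirewallServiceFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        if ($port.Protocol -eq 'TCP' -and
            (Test-IsAny $port.LocalPort) -and
            (Test-IsAny $app.Program) -and
            (Test-IsAny $svc.Service) -and
            (Test-IsAny $addr.RemoteAddress)) {
            [pscustomobject]@{
                Name        = $_.Name
                DisplayName = $_.DisplayName
                Profile     = $_.Profile
            }
        }
    }

$overBroad | Format-Table Name, DisplayName, Profile -AutoSize

if ($RestrictRule) {
    # Only narrow a rule that was actually flagged above.
    if ($overBroad.Name -notcontains $RestrictRule) {
        throw "Rule '$RestrictRule' is not in the list of over-broad TCP rules."
    }
    Set-NetFirewallRule -Name $RestrictRule -LocalPort $AgentPort
    Get-NetFirewallRule -Name $RestrictRule | Get-NetFirewallPortFilter |
        Format-List Protocol, LocalPort
}
```

Run it once with no arguments to review the candidates, then again with `-RestrictRule` set to the `Name` value of the rule the installer created.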
- depends on: ZBX-21972 TLSPSKVALUE doesn't work in silent mode (Closed)