Synopsis: Zabbix Agent installer adds “allow all TCP any any” firewall rule
Description: A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
CVSS score: 6.5
Zabbix Severity: Medium
Known Attack Vectors: An attacker can connect to all TCP services running on the machine with Zabbix Agent
Resolution: To remediate this vulnerability, apply the updates listed in the 'Fixed Version' section to appropriate products or use the workaround
Workarounds: If an immediate update is not possible, change the applied local firewall rule to allow the agent port only.
Steps to reproduce:
- Download Agent 1 or Agent 2 (Does not Matter)
1. Windows-Any-amd64-6.0 LTS-OpenSSL-MSI
- Install with Default Options
- Set Server and Proxy Server to Zabbix Server IP
- Check Firewall Rules (Seen in both Domain and Non-Domain)
Have Only tested 6.0.10,6.0.11,6.2.15. Others can test other versions and platforms.
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall.
Allow Agent Port Number only.