Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-22002

Zabbix Agent Installer Adds Allow All TCP any any firewall rule (CVE-2022-43516)

XMLWordPrintable

    • Sprint 95 (Dec 2022)
    • 1

      ID: ZBV-2022-12-1

      CVE: CVE-2022-43516

      Synopsis: Zabbix Agent installer adds “allow all TCP any any” firewall rule

      Description: A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)

      CVSS score: 6.5

      Zabbix Severity: Medium

      Known Attack Vectors: An attacker can connect to all TCP services running on the machine with Zabbix Agent

      Resolution: To remediate this vulnerability, apply the updates listed in the 'Fixed Version' section to appropriate products or use the workaround

      Workarounds: If an immediate update is not possible, change the applied local firewall rule to allow the agent port only.

      --------

      Steps to reproduce:

      1. Download Agent 1 or Agent 2 (Does not Matter)
        1. Windows-Any-amd64-6.0 LTS-OpenSSL-MSI
        2. Windows-Any-amd64-6.2-OpenSSL-MSI
      2. Install with Default Options
      3. Set Server and Proxy Server to Zabbix Server IP
      4. Install
      5. Check Firewall Rules (Seen in both Domain and Non-Domain)

      Have Only tested 6.0.10,6.0.11,6.2.15. Others can test other versions and platforms.

      Result:

      A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall.

      See Screenshot

      Expected:
      Allow Agent Port Number only.

            MVekslers Michael Veksler
            nzjpnboy Joshua PowellNishiyama
            Team B
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: