9.8

CVE-2022-43515

Exploit

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZabbixFrontend Version >= 4.0.0 <= 4.0.44
ZabbixFrontend Version >= 5.0.0 <= 5.0.29
ZabbixFrontend Version >= 6.0.0 <= 6.0.9
ZabbixFrontend Version >= 6.2.0 <= 6.2.4
ZabbixFrontend Version5.0.30 Updaterc1
ZabbixFrontend Version6.0.11 Updaterc1
ZabbixFrontend Version6.2.5 Updaterc1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.319
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@zabbix.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.