{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43516", "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "assignerShortName": "Zabbix", "datePublished": "2022-12-12T01:49:10.008967Z", "dateUpdated": "2024-09-16T20:22:44.845Z", "dateReserved": "2022-10-19T00:00:00"}, "containers": {"cna": {"title": "Zabbix Agent installer adds \u201callow all TCP any any\u201d firewall rule", "datePublic": "2022-11-30T00:00:00", "providerMetadata": {"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "shortName": "Zabbix", "dateUpdated": "2022-12-05T00:00:00"}, "descriptions": [{"lang": "en", "value": "A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)"}], "affected": [{"vendor": "Zabbix", "product": "Zabbix agent (MSI packages)", "versions": [{"version": "Oct. 29, 2022 - Dec 2, 2022", "status": "affected"}, {"version": "Dec 3, 2022", "status": "unaffected", "lessThan": "unspecified", "versionType": "custom"}]}, {"vendor": "Zabbix", "product": "Zabbix agent 2 (MSI packages)", "versions": [{"version": "Oct. 29, 2022 - Dec 2, 2022", "status": "affected"}, {"version": "Dec 3, 2022", "status": "unaffected", "lessThan": "unspecified", "versionType": "custom"}]}], "references": [{"url": "https://support.zabbix.com/browse/ZBX-22002"}], "credits": [{"lang": "en", "value": "Joshua PowellNishiyama"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-16 Configuration", "cweId": "CWE-16"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "INTERNAL"}, "workarounds": [{"lang": "en", "value": "If an immediate update is not possible, change the applied local firewall rule to allow the agent port only."}], "solutions": [{"lang": "en", "value": "To remediate this vulnerability, apply the updates listed in the 'Unaffected' section to appropriate products or use the workaround"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:59.496Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.zabbix.com/browse/ZBX-22002", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_firewall:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE181B91-1359-4EB8-AB0C-CA1E328CD17B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD9C2674-6094-4E7B-9687-2C1C2EE3723F", "versionEndExcluding": "6.0.12", "versionStartIncluding": "6.0.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "01D2C148-527F-4C2D-B82A-95811DB1756F", "versionEndExcluding": "6.2.6", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.0.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "C163CC6F-602E-404E-8155-14DFAC35781E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "550C55C9-BF75-4B88-8ACF-470FFC2F20C0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)"}, {"lang": "es", "value": "Una regla de firewall que permite todas las conexiones TCP entrantes a todos los programas desde cualquier fuente y a todos los puertos se crea en el Firewall de Windows despu\u00e9s de la instalaci\u00f3n del agente Zabbix (MSI)."}], "id": "CVE-2022-43516", "lastModified": "2024-11-21T07:26:41.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.7, "source": "security@zabbix.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-05T20:15:10.887", "references": [{"source": "security@zabbix.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://support.zabbix.com/browse/ZBX-22002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://support.zabbix.com/browse/ZBX-22002"}], "sourceIdentifier": "security@zabbix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "security@zabbix.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}