CVE-2022-43516

CVE Database · CVE-2022-43516

CVE-2022-43516

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.91%

Published

Dec 5, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Weaknesses (CWE)

CWE-16

Affected Products (5)

microsoft · windows_firewallvulnerable

zabbix · zabbix (up to 6.0.12)vulnerable

zabbix · zabbix (up to 6.2.6)vulnerable

zabbix · zabbixvulnerable

References (2)

https://support.zabbix.com/browse/ZBX-22002

ExploitPatchVendor Advisory

https://support.zabbix.com/browse/ZBX-22002

ExploitPatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs