Zabbix < 1.8.20 / 2.0.11 / 2.2.2 Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote web application may be affected by multiple vulnerabilities.

Description :

According to its self-reported version number, the instance of Zabbix
listening on the remote host is potentially affected by the following
vulnerabilities :

- An error exists related to LDAP authentication that
could disclose the LDAP bind password. (CVE-2013-5572)

- An error exists related to HTTP authentication, the API
function 'user.login' call and user switching that could
allow a security bypass. (CVE-2014-1682)

- An error exists related to the user type 'Zabbix Admin'
that could allow unauthorized application changes that
should be reserved only for the user type 'Zabbix Super
Admin'. (CVE-2014-1685)

Note that Nessus did not actually test for these flaws, but instead has
relied on the version in the Zabbix login page.

See also :

http://www.zabbix.com/rn1.8.20.php
http://www.zabbix.com/rn2.0.11.php
http://www.zabbix.com/rn2.2.2.php
https://support.zabbix.com/browse/ZBX-6721
https://support.zabbix.com/browse/ZBX-7693
https://support.zabbix.com/browse/ZBX-7703

Solution :

Update Zabbix to version 1.8.20, 2.0.11, 2.2.2 or later.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 72770 ()

Bugtraq ID: 65402
65446

CVE ID: CVE-2013-5572
CVE-2014-1682
CVE-2014-1685