CVE-2019-17382 Scanner
Detects 'Authentication Bypass' vulnerability in Zabbix affects v. through 4.4.
Short Info
Level
Critical
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
60 sec
Scan only one
Domain, Ipv4
Parent Category
CVE-2019-17382 Scanner Detail
Zabbix is a popular open-source monitoring software designed to keep an eye on various aspects of IT infrastructure like servers, networks, applications, and services. This product helps IT teams monitor their infrastructure, troubleshoot errors, and maintain optimal performance to ensure the smooth functioning of their operations. It's used by many organizations of different sizes and across various industries around the world.
Recently, a vulnerability code, CVE-2019-17382, was detected in Zabbix's dashboard view functionality in versions up to 4.4. This vulnerability allows attackers to bypass the login page and access the dashboard page. Attackers can then create Dashboards, Reports, Screens, and Maps without the need for a username or password, allowing them to exploit the software anonymously.
The use of this vulnerability by attackers brings severe risks to organizations. Attackers may have anonymous access to sensitive information about the organization's infrastructure and could modify monitoring parameters without fear of detection. Furthermore, the creation of reports and dashboards without user authentication could result in theft or manipulation of critical system data, jeopardizing confidentiality, availability, and integrity of the business's digital assets.
Thanks to the pro features of the securityforeveryone.com platform, readers of this article can stay informed about vulnerabilities like CVE-2019-17382 and their potential impact on their digital assets. The subscription service provides regular updates to the latest vulnerabilities and offers custom alerts to stay on top of any threats. Users of securityforeveryone.com can also take advantage of advanced scanning and penetration testing services to identify vulnerabilities actively and proactively mitigate them before attackers exploit them.
REFERENCES
control security posture