CVE-2024-22114
📋 TL;DR
This CVE describes an information disclosure vulnerability in Zabbix where unauthenticated users can access host statistics through the System Information Widget. This affects Zabbix installations with improperly configured permissions, allowing unauthorized viewing of system metrics.
💻 Affected Systems
- Zabbix
📦 What is this software?
Zabbix by Zabbix
⚠️ Risk & Real-World Impact
Worst Case
An attacker could map the entire infrastructure by viewing host counts and statistics, potentially identifying valuable targets for further attacks.
Likely Case
Unauthorized users gain visibility into system metrics and host counts, revealing information about the monitoring environment.
If Mitigated
With proper authentication and authorization controls, impact is limited to authorized users only.
🎯 Exploit Status
Exploitation requires access to the Zabbix web interface but no authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Zabbix 6.0.29, 6.4.14, 7.0.0beta3
Vendor Advisory: https://support.zabbix.com/browse/ZBX-25015
Restart Required: No
Instructions:
1. Back up your Zabbix configuration and database.
2. Download the patched version from the Zabbix website.
3. Follow the Zabbix upgrade documentation for your specific version.
4. Verify the fix by testing access controls.
🔧 Temporary Workarounds
Disable System Information Widget
Remove or disable the System Information Widget from the Global View dashboard.
Navigate to Zabbix web interface > Monitoring > Dashboard > Edit Global View > Remove System Information Widget
Restrict Dashboard Access
Configure user permissions to restrict access to the Global View dashboard.
Navigate to Zabbix web interface > Administration > User groups > Edit permissions > Remove Global View access
🧯 If You Can't Patch
- Implement network segmentation to restrict access to Zabbix interface
- Configure web application firewall rules to block unauthorized access to dashboard endpoints
🔍 How to Verify
Check if Vulnerable:
Attempt to access Zabbix Global View Dashboard as an unauthenticated user and check if host statistics are visible.
Check Version:
command -v zabbix_server >/dev/null 2>&1 && zabbix_server --version | head -1 || echo "Check Zabbix web interface footer for version"
Verify Fix Applied:
After patching, verify that unauthenticated users cannot access host statistics in the System Information Widget.
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access attempts to dashboard endpoints in Zabbix web server logs
Network Indicators:
- Unusual requests to /zabbix/zabbix.php?action=dashboard.view from unauthenticated IPs
SIEM Query:
source="zabbix_access.log" AND (uri="/zabbix/zabbix.php?action=dashboard.view" OR uri="/zabbix/dashboard.php") AND status=200 AND user="-"
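The SIEM query above, implemented as an added Python example (not part of the advisory) that runs over constructed web server access log lines in Apache/nginx combined format and counts matching dashboard hits per client IP. Zabbix authenticates with session cookies, so the remote-user field is "-" for logged-in users as well; the signal worth triaging is a 200 on the dashboard endpoint rather than the 302 to the login page that an enforced login produces.

```python
import re
from collections import Counter

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:09:12:01 +0000] "GET /zabbix/zabbix.php?action=dashboard.view HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.7 - - [10/Mar/2024:09:12:02 +0000] "GET /zabbix/zabbix.php?action=dashboard.view&dashboardid=1 HTTP/1.1" 200 5300 "-" "curl/8.4.0"
198.51.100.4 - - [10/Mar/2024:09:15:44 +0000] "GET /zabbix/index.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:09:15:50 +0000] "GET /zabbix/zabbix.php?action=dashboard.view HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2024:09:20:10 +0000] "GET /zabbix/dashboard.php HTTP/1.1" 200 1800 "-" "python-requests/2.31"
"""

# Combined log format: ip ident user [timestamp] "method uri proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# The two dashboard endpoints named in the SIEM query.
DASHBOARD_PATHS = ("/zabbix/zabbix.php?action=dashboard.view", "/zabbix/dashboard.php")


def parse_line(line):
    """Return the parsed fields of one access log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_dashboard_hit(rec):
    """Apply the SIEM query conditions: dashboard URI, HTTP 200, no HTTP-auth user.

    Caveat: Zabbix sessions are cookie based, so user == "-" also holds for
    authenticated browsers. A 302 (redirect to the login page) means the
    login was enforced; a 200 is what needs a closer look.
    """
    return (rec["uri"].startswith(DASHBOARD_PATHS)
            and rec["status"] == "200"
            and rec["user"] == "-")


def suspicious_sources(log_text):
    """Return {client_ip: hit_count} for matching requests, most frequent first."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_dashboard_hit(rec):
            counts[rec["ip"]] += 1
    return dict(counts.most_common())


if __name__ == "__main__":
    for ip, n in suspicious_sources(SAMPLE_LOG).items():
        print(f"{ip}: {n} dashboard hit(s) with HTTP 200 and no HTTP-auth user")
```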