CVE Number – CVE-2017-2826
A vulnerability in the iConfig proxy request feature of Zabbix server could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.
The vulnerability is due to improper handling of iConfig proxy requests by the affected software. An attacker who has knowledge of the IP address of a configured Zabbix proxy could exploit this vulnerability by sending customized iConfig proxy request packets to a targeted Zabbix server. A successful exploit could allow the attacker to access sensitive information from any configured Zabbix proxy.
Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.
Zabbix has not publicly confirmed this vulnerability and software updates are not available.
To exploit this vulnerability, an attacker must know the IP address of a Zabbix proxy that is configured to be used with a Zabbix server in order to send crafted iConfig proxy request packets to the server. This requirement could make a successful exploit difficult to achieve.
Cisco Talos has released a report describing this vulnerability at the following link: TALOS-2017-0327
Administrators are advised to contact the vendor regarding future updates and releases.
Administrators are advised to allow only trusted users to have network access.
Administrators are advised to allow only privileged users to access administration or management systems.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Administrators are advised to monitor affected systems.
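The ACL and monitoring advice above can be checked against firewall logs. The following is an added example, not code from this advisory, Zabbix or Talos: it flags TCP connections to the Zabbix server port from sources outside an allowlist. It assumes the server uses Zabbix's default trapper port 10051 and netfilter LOG-style log lines; the addresses and log lines are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the Zabbix server listens on its default trapper port.
ZABBIX_SERVER_PORT = 10051

# Assumption: placeholder allowlist (documentation ranges) standing in for
# the addresses of the proxies and agents that should reach the server.
TRUSTED_SOURCES = [
    ipaddress.ip_network("192.0.2.10/32"),
    ipaddress.ip_network("198.51.100.0/28"),
]

# Constructed sample lines in netfilter LOG style; not real traffic.
SAMPLE_LOG = """\
Jun  1 10:00:01 zbx kernel: ZBX-IN IN=eth0 SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40112 DPT=10051
Jun  1 10:00:05 zbx kernel: ZBX-IN IN=eth0 SRC=203.0.113.77 DST=192.0.2.1 PROTO=TCP SPT=51544 DPT=10051
Jun  1 10:00:09 zbx kernel: ZBX-IN IN=eth0 SRC=198.51.100.5 DST=192.0.2.1 PROTO=TCP SPT=40300 DPT=10051
Jun  1 10:00:12 zbx kernel: ZBX-IN IN=eth0 SRC=203.0.113.77 DST=192.0.2.1 PROTO=TCP SPT=51560 DPT=10051
Jun  1 10:00:20 zbx kernel: ZBX-IN IN=eth0 SRC=203.0.113.9 DST=192.0.2.1 PROTO=TCP SPT=33010 DPT=22
Jun  1 10:00:31 zbx kernel: ZBX-IN IN=eth0 SRC=not-an-ip DST=192.0.2.1 PROTO=TCP SPT=1 DPT=10051
"""

FIELD_RE = re.compile(r"\b(SRC|DPT|PROTO)=(\S+)")

def untrusted_connections(log_text, port=ZABBIX_SERVER_PORT, trusted=TRUSTED_SOURCES):
    """Count connections to the server port per source outside the allowlist."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue  # not traffic to the Zabbix server port
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed or missing source address
        if not any(src in net for net in trusted):
            hits[str(src)] += 1
    return hits

if __name__ == "__main__":
    for source, count in untrusted_connections(SAMPLE_LOG).most_common():
        print(f"{source}: {count} connection(s) to port {ZABBIX_SERVER_PORT}")
```

Any source this reports is a candidate for a firewall deny rule or for investigation, since only configured proxies and agents should be reaching the server port.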
Vendor announcements are unavailable.
Software updates are unavailable.
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.