Headline
CVE-2022-43516: [ZBX-22002] Zabbix Agent Installer Adds Allow All TCP any any firewall rule
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
Steps to reproduce:
- Download Agent 1 or Agent 2 (Does not Matter)
1. Windows-Any-amd64-6.0 LTS-OpenSSL-MSI
2. Windows-Any-amd64-6.2-OpenSSL-MSI - Install with Default Options
- Set Server and Proxy Server to Zabbix Server IP
- Install
- Check Firewall Rules (Seen in both Domain and Non-Domain)
Have Only tested 6.0.10,6.0.11,6.2.15. Others can test other versions and platforms.
Result:
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall.
See Screenshot
Expected:
Allow Agent Port Number only.