CISA expands Known Exploited Vulnerabilities Catalog with critical flaws

27
CISA expands Known Exploited Vulnerabilities Catalog with critical flaws-01

The United States Cybersecurity and Infrastructure Security Agency (CISA) this week expanded its Vulnerable Identification Catalog with two key flaws in Zabbix’s business monitoring solution.

Followed as CVE-2022-23131 and CVE-2022-23134, two risks may be used to override assurance and access to administrator rights, which may allow the attacker to issue invalid commands. Zabbix is ​​an open source monitoring platform that organizations use within their networks to collect and process single data such as CPU load and network traffic.

Identified by security researchers with SonarSource, both risks are related to how Zabbix stores session data on the client side and can lead to network integrity issues

Read More: https://www.securityweek.com/cisa-warns-attacks-exploiting-recent-vulnerabilities-zabbix-monitoring-tool