zabbix-dashboards-access

By kannthu

Severity: Medium
Vidoc Module
#edb #packetstorm #zabbix #unauth
Description

Zabbix Dashboards Access Module

What is the "zabbix-dashboards-access" module?

The "zabbix-dashboards-access" module is a test case designed to detect a specific vulnerability in the Zabbix monitoring software. Zabbix is an open-source monitoring solution that allows users to monitor various aspects of their IT infrastructure. This module focuses on identifying a misconfiguration that could potentially allow unauthorized access to Zabbix dashboards.

This module has a medium severity level, indicating that if the vulnerability is successfully exploited, it could lead to significant security risks for the affected system.

This module was authored by pussycat0x and vsh00t.

Impact

If the "zabbix-dashboards-access" module detects a vulnerability, it means that an attacker could gain unauthorized access to Zabbix dashboards. This could potentially expose sensitive information, compromise the integrity of monitoring data, and allow the attacker to perform further malicious actions within the monitored system.

How does the module work?

The "zabbix-dashboards-access" module works by sending an HTTP request to the target system's Zabbix installation. The request is made to the "/zabbix/zabbix.php?action=dashboard.list" endpoint using the GET method.

The module then applies two matching conditions to determine whether the vulnerability exists:

- Matcher 1: It checks whether the response body contains both the strings "Create dashboard" and "Zabbix SIA". "Create dashboard" is only rendered for a user who can see the dashboard list, so its presence in an unauthenticated response indicates a potential misconfiguration.
- Matcher 2: It verifies that the response status code is 200, indicating a successful request. Any other status code is not considered a match.

Both conditions must be met (AND). If they are, the module reports the vulnerability, indicating that the Zabbix dashboard list was served to the unauthenticated guest account.
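The check described above, written out as a stand-alone script so an administrator can verify their own Zabbix instance. This is an added example, not the Vidoc module's own code: it reproduces the two matchers (status 200 AND both strings present) and separates the matcher logic from the HTTP fetch so the logic can be exercised on constructed responses without network access. The `Response` class, the helper names and the sample bodies are assumptions made for this example.

```python
"""Check whether a Zabbix dashboard list is reachable without logging in.

Added example, not Vidoc's module code. It implements the two matching
conditions from the module description: the response to
GET /zabbix/zabbix.php?action=dashboard.list must have HTTP status 200 AND
its body must contain both "Create dashboard" and "Zabbix SIA".
"""
from dataclasses import dataclass
from urllib.error import HTTPError
from urllib.request import Request, urlopen

DASHBOARD_LIST_PATH = "/zabbix/zabbix.php?action=dashboard.list"
REQUIRED_WORDS = ("Create dashboard", "Zabbix SIA")  # matcher 1 (all must be present)
REQUIRED_STATUS = 200                                 # matcher 2


@dataclass
class Response:
    """Minimal view of an HTTP response; assumed shape for this example."""
    status: int
    body: str


def word_matcher(resp: Response) -> bool:
    """Matcher 1: every required string appears in the body (AND, case-sensitive)."""
    return all(word in resp.body for word in REQUIRED_WORDS)


def status_matcher(resp: Response) -> bool:
    """Matcher 2: status code is exactly 200."""
    return resp.status == REQUIRED_STATUS


def matches(resp: Response) -> bool:
    """Report only when both matchers fire, as the module does."""
    return word_matcher(resp) and status_matcher(resp)


def fetch_dashboard_list(base_url: str, timeout: float = 10.0) -> Response:
    """GET the dashboard list with no session cookie, i.e. as the guest user.

    Non-2xx answers are wrapped in a Response as well so that the status
    matcher can be evaluated instead of raising.
    """
    req = Request(base_url.rstrip("/") + DASHBOARD_LIST_PATH, method="GET")
    try:
        with urlopen(req, timeout=timeout) as r:
            return Response(r.status, r.read().decode("utf-8", errors="replace"))
    except HTTPError as e:
        return Response(e.code, e.read().decode("utf-8", errors="replace"))


def check_instance(base_url: str) -> bool:
    """True if the dashboard list is exposed to the guest account."""
    return matches(fetch_dashboard_list(base_url))


# Constructed sample responses (not captured from a real server) for offline use.
EXPOSED_SAMPLE = Response(
    200,
    "<html><body><button>Create dashboard</button>"
    "<footer>Zabbix SIA</footer></body></html>",
)
LOGIN_PAGE_SAMPLE = Response(
    200,
    "<html><body><form>Username Password Sign in</form>"
    "<footer>Zabbix SIA</footer></body></html>",
)

if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    print("exposed sample   ->", matches(EXPOSED_SAMPLE))      # True
    print("login page sample->", matches(LOGIN_PAGE_SAMPLE))   # False
    # Against your own instance, replace the placeholder below:
    # print(check_instance("https://zabbix.example.internal"))
```

The login page sample still carries "Zabbix SIA" in its footer, which is why the module requires both strings: "Create dashboard" is the one that only appears when the dashboard list itself is rendered. A `True` result from `check_instance` means the dashboard list is being served without authentication and guest access should be reviewed.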

References

- https://www.exploit-db.com/ghdb/5595

- https://packetstormsecurity.com/

Module preview

Concurrent Requests (1)
1. HTTP Request template
   GET /zabbix/zabbix.php?a...
   Matching conditions
   word: Create dashboard, Zabbix SIA (and)
   status: 200
Passive global matcher
   No matching conditions.
On match action
   Report vulnerability