CVE-2019-17382

CRITICAL NUCLEI

Zabbix < 4.4 - Unauthenticated Authorization Bypass via Dashboard View Action


Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-17382. PoCs were published by Milad Khoshdel and K3ysTr0K3R. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates an authentication bypass vulnerability in Zabbix versions 2.x, 3.x, and 4.x by directly accessing the dashboard page via a crafted GET request. The server responds with a 200 OK and loads the dashboard content without requiring authentication.

Description

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.

Exploits (2)

exploitdb WORKING POC
by Milad Khoshdel · text · webapps · php
https://www.exploit-db.com/exploits/47467

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Zabbix [2.x, 3.x, 4.x]
No auth needed
Prerequisites: Access to the Zabbix web interface
devstral-2 · analyzed Feb 18, 2026
nomisec SCANNER 3 stars
by K3ysTr0K3R · poc
https://github.com/K3ysTr0K3R/CVE-2019-17382-EXPLOIT

This repository contains a Python script that scans for CVE-2019-17382, an authentication bypass vulnerability in Zabbix versions up to 4.4. It checks for the presence of the vulnerable endpoint and confirms bypass by detecting the 'Dashboard' string in the response.

Classification: Scanner 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Zabbix up to 4.4
No auth needed
Prerequisites: Network access to the target Zabbix instance · Zabbix instance running an affected version
devstral-2 · analyzed Feb 19, 2026

Nuclei Templates (1)

Zabbix <=4.4 - Authentication Bypass
CRITICAL · by harshbothra_
Shodan: http.favicon.hash:892542951 || http.title:"zabbix-server" || cpe:"cpe:2.3:a:zabbix:zabbix"
FOFA: icon_hash=892542951 || app="zabbix-监控系统" && body="saml" || title="zabbix-server"

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/47467

Scores

CVSS v3 9.1
EPSS 0.5415
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE CWE-639
Status published
Products (1)
zabbix/zabbix < 4.4
Published Oct 09, 2019
Tracked Since Feb 18, 2026