CVE-2022-43516 MEDIUM

CVE-2022-43516: Zabbix Agent installer adds “allow all TCP any any” firewall rule

Vendor Zabbix
Product Zabbix agent (MSI packages)
Weakness CWE-16
Published December 12, 2022
Last update April 18, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)

Key dates

02Disclosure timeline

December 12, 2022 CVE published
April 18, 2025 Record updated