CVE-2024-45264

High

Published: 27 August 2024
Modified: 30 August 2024
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0928 (92.9th percentile)
Risk Priority: 23 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-45264 is a high-severity CSRF (CWE-352) vulnerability in Skyss Arfa-Cms. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 7.1% of all CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

Deeper analysis

A cross-site request forgery vulnerability tracked as CVE-2024-45264 affects the administrative interface of SkySystem Arfa-CMS versions prior to 5.1.3124. The flaw, assigned CWE-352, lets an attacker cause unauthorized requests that add a new administrator account to be submitted without the victim's knowledge; the only interaction required of the victim is visiting a malicious page while logged in.

An unauthenticated remote attacker can exploit the issue by crafting a web page or link that, when visited by an authenticated administrator, triggers the addition of a privileged account. Successful exploitation grants the attacker full administrative control over the CMS instance, enabling further actions such as content manipulation or persistence within the application.

The GitHub repository at https://github.com/TheHermione/CVE-2024-45264 and the vendor site at https://skyss.ru provide the primary references for the issue. The EPSS score has remained flat at 0.0928 with no observed increase following disclosure.

Vulnerability details

A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges.

CWE(s)

CWE-352 Cross-Site Request Forgery (CSRF)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-derived mapping)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1136 Create Account (tactic: Persistence): Adversaries may create an account to maintain access to victim systems.
T1190 Exploit Public-Facing Application (tactic: Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

A CSRF vulnerability in the admin panel of a public-facing CMS enables exploitation of a public-facing application (T1190), creation of a new administrator account (T1136), and privilege escalation to that account's rights (T1068).

Affected Assets

Vendor: skyss
Product: arfa-cms
Versions: ≤ 5.1.3124

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-352: Awareness training educates users on avoiding untrusted links and actions that can be exploited via CSRF.

Addresses CWE-352: Requiring user re-entry of credentials for sensitive actions prevents automated forgery of requests without active user participation.

Addresses CWE-352: Security testing regimens explicitly include checks for missing or ineffective anti-CSRF protections in web applications.

Addresses CWE-352: Detects anomalous request patterns consistent with cross-site request forgery.
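The anti-CSRF protection that the controls above refer to, shown as an added example that is not Arfa-CMS code and not taken from this page: a constructed "add administrator" handler in the CWE-352 shape (honours any request that carries the admin session) beside a hardened version that additionally requires a session-bound synchronizer token and a same-origin Origin/Referer header. The route `/admin/users/add`, the origin `cms.example.test` and the `Session` type are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

ADMIN_ORIGIN = "https://cms.example.test"   # assumed origin of the CMS admin panel
ADMINS = set()                               # constructed stand-in for the user table


@dataclass
class Session:
    """Constructed stand-in for an authenticated admin session (not Arfa-CMS code)."""
    user: str
    is_admin: bool
    # Synchronizer token: generated per session and embedded in every admin form.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def handle_add_admin_unprotected(session, form, headers):
    """The CWE-352 pattern: any POST carrying a valid admin session is honoured,
    so a page on another origin can make the victim's browser submit it."""
    if not session.is_admin:
        return 403, "forbidden"
    ADMINS.add(form["username"])
    return 200, "administrator added"


def same_origin(url):
    """Compare scheme and host exactly; a prefix check would accept cms.example.test.evil."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}" == ADMIN_ORIGIN


def handle_add_admin(session, form, headers):
    """Hardened handler for the hypothetical POST /admin/users/add route.

    A forged request from another site arrives with the session cookie (so the
    admin check passes) but cannot carry the session-bound token or a matching
    Origin, so it is refused before any account is created."""
    if not session.is_admin:
        return 403, "forbidden"
    origin = headers.get("Origin") or headers.get("Referer", "")
    if not same_origin(origin):            # an absent Origin is treated as cross-site
        return 403, "cross-origin request rejected"
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return 403, "missing or invalid CSRF token"
    ADMINS.add(form["username"])
    return 200, "administrator added"
```

A security test for this control (the third control above) is exactly the forged-request case: replay the form without the token from a foreign origin and confirm the server answers 403 rather than creating the account.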

References

https://github.com/TheHermione/CVE-2024-45264
https://skyss.ru