CVE-2024-56116
Published: 18 December 2024
Summary
CVE-2024-56116 is a high-severity Cross-Site Request Forgery (CSRF, CWE-352) vulnerability in Amiro.CMS by Amiro. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Create Account (T1136). The CVE is ranked in the top 6.1% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-56116 is a Cross-Site Request Forgery vulnerability, tracked as CWE-352, that affects Amiro.CMS versions before 7.8.4. The issue received a CVSS 3.1 score of 8.8: attack vector network, low attack complexity, no privileges required, user interaction required, with high impact to confidentiality, integrity, and availability.
An unauthenticated remote attacker can exploit the flaw by luring an authenticated user into visiting a malicious page or link that forges a request to create a new administrator account. Because the browser attaches the victim's session cookie automatically, the CMS processes the forged request as if the administrator had submitted it. Successful exploitation grants the attacker full administrative control over the affected CMS instance.
The vulnerability was published on 2024-12-18 with a current and peak EPSS of 0.1205. A technical reference is available at the provided GitHub repository.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52983
Vulnerability details
A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account.
- CWE(s): CWE-352 (Cross-Site Request Forgery)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CSRF vulnerability in Amiro.CMS lets a remote attacker exploit a public-facing web application (T1190) to create an administrator account (T1136), giving the attacker privilege escalation and persistence in the CMS.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Awareness training educates users on avoiding untrusted links and actions that can be exploited via CSRF.
- Requiring users to re-enter their credentials for sensitive actions (such as creating an administrator account) prevents automated forgery of requests without active user participation.
- Security testing regimens explicitly include checks for missing or ineffective anti-CSRF protections (synchronizer tokens, origin validation, SameSite cookies) in web applications.
- Application or web-server monitoring that detects anomalous request patterns consistent with cross-site request forgery, such as state-changing requests arriving with a foreign Origin or Referer.
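The controls above describe what an administrator-creation endpoint should enforce before it acts. The following is an added illustration written for this page, not code from Amiro.CMS or from the CVE reference; the handler, the `Session`/`Request` types, the trusted origin `https://cms.example.test`, and the in-memory user store are all constructed assumptions. It combines three of the listed mitigations in one request handler: a session-bound synchronizer token, an Origin/Referer check, and re-authentication for the sensitive action, so that a forged cross-site request like the one described for this CVE is refused even though the victim's session cookie is present.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

# Constructed configuration for the example; a real deployment reads its own.
TRUSTED_ORIGIN = "https://cms.example.test"   # hypothetical CMS host
PASSWORD_SALT = b"constructed-salt-for-example"


def hash_password(pw: str) -> bytes:
    """PBKDF2 hash of a password (fixed salt only to keep the example short)."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), PASSWORD_SALT, 100_000)


# Constructed user store: one existing administrator.
USERS = {"admin": {"pw_hash": hash_password("correct horse"), "is_admin": True}}


@dataclass
class Session:
    """Server-side session; the CSRF token is generated per session."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as the handler sees it."""
    method: str
    headers: dict
    form: dict
    session: Optional[Session]


def _same_origin(url: str) -> bool:
    # Compare scheme and host exactly; a prefix match would accept look-alike hosts.
    got, want = urlsplit(url), urlsplit(TRUSTED_ORIGIN)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def csrf_check(req: Request) -> tuple:
    """Return (ok, reason) for a state-changing request."""
    if req.method.upper() not in ("POST", "PUT", "PATCH", "DELETE"):
        return False, "state change must not be reachable via GET"
    if req.session is None:
        return False, "no authenticated session"
    origin = req.headers.get("Origin") or req.headers.get("Referer")
    if not origin or not _same_origin(origin):
        return False, "request did not originate from the CMS origin"
    submitted = req.form.get("csrf_token", "")
    # Constant-time compare against the token bound to this session.
    if not hmac.compare_digest(submitted.encode(), req.session.csrf_token.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def handle_create_admin(req: Request) -> tuple:
    """Create an administrator only when CSRF checks and re-authentication pass."""
    ok, reason = csrf_check(req)
    if not ok:
        return 403, reason
    caller = USERS.get(req.session.user)
    if not caller or not caller["is_admin"]:
        return 403, "caller is not an administrator"
    # Re-authentication: the acting user must re-enter their own password,
    # which a forged request from another site cannot supply.
    supplied = req.form.get("current_password", "")
    if not hmac.compare_digest(hash_password(supplied), caller["pw_hash"]):
        return 403, "re-authentication failed"
    new_user = req.form.get("username", "").strip()
    if not new_user or new_user in USERS:
        return 400, "invalid or already existing username"
    USERS[new_user] = {"pw_hash": hash_password(req.form.get("password", "")),
                       "is_admin": True}
    return 201, "created administrator " + new_user


if __name__ == "__main__":
    sess = Session(user="admin")
    # Constructed forged request: victim's session is present, but the request
    # comes from another origin and carries no token or password.
    forged = Request("POST", {"Origin": "https://attacker.example"},
                     {"username": "backdoor", "password": "x"}, sess)
    print(handle_create_admin(forged))   # (403, ...)
    legit = Request("POST", {"Origin": TRUSTED_ORIGIN},
                    {"csrf_token": sess.csrf_token, "current_password": "correct horse",
                     "username": "ops-admin", "password": "p"}, sess)
    print(handle_create_admin(legit))    # (201, ...)
```

Each check is independent on purpose: the Origin check stops the forged request even if the token leaked, the token stops it even if the Origin header is missing, and re-authentication stops it even if both were bypassed. Setting the session cookie with `SameSite=Lax` or `Strict` adds a fourth, browser-enforced layer.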