
CVE-2024-56116

Severity: High

Published: 18 December 2024
Modified: 23 April 2025
KEV Added
Patch
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.1205 (93.9th percentile)
Risk Priority: 25 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-56116 is a high-severity Cross-Site Request Forgery (CSRF, CWE-352) vulnerability in Amiro.CMS, by Amiro. Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Create Account (T1136). The CVE ranks in the top 6.1% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-56116 is a Cross-Site Request Forgery vulnerability, tracked as CWE-352, that affects Amiro.CMS versions before 7.8.4. The issue received a CVSS 3.1 score of 8.8: network attack vector, low attack complexity, no privileges required, user interaction required, with high impact to confidentiality, integrity, and availability.

An unauthenticated remote attacker can exploit the flaw by luring an authenticated user into visiting a malicious page or link that forges a request to create a new administrator account. Successful exploitation grants the attacker full administrative control over the affected CMS instance.

The vulnerability was published on 2024-12-18; its current EPSS score of 0.1205 is also its peak to date. A technical reference is available at the provided GitHub repository.

Vulnerability details

A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account.

CWE(s)

CWE-352: Cross-Site Request Forgery (CSRF)

Related Threats

MITRE ATT&CK Enterprise Techniques

- T1136 Create Account (Persistence): Adversaries may create an account to maintain access to victim systems.
- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The CSRF vulnerability in Amiro.CMS lets a remote attacker abuse a public-facing web application (T1190) to create an administrator account (T1136), which yields both privilege escalation and persistence.

Affected Assets

Vendor: amiro
Product: amiro.cms
Versions: ≤ 7.8.4

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping has not yet run for this CVE; the controls below are derived from the weakness type (CWE-352) cited in the NVD entry.

- Addresses CWE-352: Awareness training educates users on avoiding untrusted links and actions that can be exploited via CSRF.
- Addresses CWE-352: Requiring user re-entry of credentials for sensitive actions prevents automated forgery of requests without active user participation.
- Addresses CWE-352: Security testing regimens explicitly include checks for missing or ineffective anti-CSRF protections in web applications.
- Addresses CWE-352: Detects anomalous request patterns consistent with cross-site request forgery.