CVE-2024-56924
Published: 22 January 2025
Summary
CVE-2024-56924 is a high-severity CSRF (CWE-352) vulnerability in Codeastro Internet Banking System. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078); ranked at the 28.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SC-23 directly prevents CSRF by protecting the authenticity of communications sessions against forged requests that bypass validation.
SI-10 mandates validation of information inputs to applications, directly addressing the improper validation of user requests enabling CSRF exploitation.
AC-3 enforces approved authorizations for access to system resources like the admin page, partially mitigating unauthorized actions from CSRF-forged requests.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CSRF vulnerability in public-facing internet banking admin panel enables forging requests to abuse valid admin accounts (T1078), perform unauthorized account modifications (T1098), and exploit the public-facing application (T1190).
NVD Description
A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user…
more
information. This vulnerability occurs due to improper validation of user requests, which enables attackers to exploit the system by tricking the admin user into executing malicious scripts.
Deeper analysisAI
CVE-2024-56924 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, affecting the Code Astro Internet Banking System version 2.0.0. The flaw resides in the admin page (pages_account) due to improper validation of user requests, enabling remote attackers to execute arbitrary JavaScript. This issue has a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts with network accessibility, low complexity, required low privileges, and user interaction.
Attackers can exploit this vulnerability remotely by tricking an authenticated admin user into interacting with a malicious webpage or resource, such as clicking a crafted link. Successful exploitation allows execution of arbitrary JavaScript in the context of the admin page, potentially enabling unauthorized actions like modifying account settings or exfiltrating sensitive user information.
Further details, including proof-of-concept code, are available in the referenced GitHub repository at https://github.com/ipratheep/CVE-2024-56924. No specific patch or mitigation guidance is detailed in the provided information.
Details
- CWE(s)