CVE-2021-47722
5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking authenticated users into loading the page.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Axesstmc | Zucchetti Axess CLOKI Access Control | 1.64 | affected |
Weaknesses
- CWE-352: Cross-Site Request Forgery (CSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/50595
- https://www.axesstmc.com
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5689.php
- https://www.vulncheck.com/advisories/zucchetti-axess-cloki-access-control-cross-site-request-forgery
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.