CVE-2022-45893 in eStream
Summary
by MITRE • 12/25/2022
Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 04/14/2025
The vulnerability identified as CVE-2022-45893 affects Planet eStream software versions prior to 6.72.10.07, presenting a critical authorization bypass flaw that enables low-privileged users to escalate their privileges and gain administrative access. This issue stems from insufficient session management and inadequate validation of authentication tokens, specifically targeting the ON cookie mechanism used for user authentication and authorization within the application. The vulnerability represents a significant weakness in the software's access control implementation, allowing unauthorized users to manipulate session identifiers and assume higher privilege roles without proper authentication.
The technical flaw manifests through predictable or guessable cookie values that can be manipulated by attackers with minimal privileges. When a user accesses the application, the system generates an ON cookie containing session information that should normally be protected and validated. However, the vulnerability allows an attacker to determine valid cookie values through brute-force techniques, potentially exploiting weak cryptographic randomness or predictable value generation algorithms. This weakness directly violates the principle of least privilege and demonstrates poor implementation of session management controls, as outlined in CWE-613. The vulnerability essentially creates a backdoor mechanism through which any authenticated user can escalate their privileges to administrative levels.
The operational impact of this vulnerability is severe and far-reaching, as it enables complete compromise of the affected system from the perspective of a low-privileged user. Once an attacker successfully calculates or guesses a valid ON cookie value, they gain persistent access to administrative functions and can perform actions such as modifying user accounts, accessing sensitive data, altering system configurations, and potentially exfiltrating confidential information. The brute-force nature of the attack means that automated tools can be employed to systematically test possible cookie values, making this vulnerability particularly dangerous in environments where the application is exposed to external networks. This access escalation capability directly maps to multiple ATT&CK techniques including privilege escalation, persistence, and credential access, with potential for lateral movement throughout the network.
Organizations affected by this vulnerability should immediately implement the vendor-provided patch version 6.72.10.07 to address the session management flaw. Additionally, administrators should conduct thorough security assessments of all session management implementations within their environment, ensuring proper cryptographic randomness in cookie generation and implementing robust session validation mechanisms. Network segmentation should be considered to limit exposure of the affected application to untrusted networks, while monitoring systems should be enhanced to detect suspicious cookie manipulation patterns. The vulnerability highlights the critical importance of proper session management and access control implementation, aligning with security frameworks such as NIST SP 800-63B for authentication and session management best practices. Regular security testing including penetration testing and vulnerability scanning should be conducted to identify similar flaws in other applications within the organization's attack surface.