CVE-2024-2741 in IGS-4215-16T2Sinfo

Summary

by MITRE • 04/11/2024

Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts through the Switch web interface.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 04/13/2025

This cross-site request forgery vulnerability exists within the Planet IGS-4215-16T2S network switch device firmware version 1.305b210528 and represents a significant security weakness that undermines the integrity of user sessions and administrative controls. The vulnerability stems from the device's failure to implement proper anti-CSRF mechanisms in its web-based management interface, which operates through the Switch web interface for account management operations. This flaw aligns with CWE-352, which specifically addresses Cross-Site Request Forgery weaknesses in web applications and systems. The vulnerability allows remote attackers to craft malicious requests that can be executed within the context of an authenticated user's session without their knowledge or consent, effectively bypassing the authentication and authorization controls that should protect administrative functions.

The technical implementation of this vulnerability exploits the absence of anti-CSRF tokens or other session validation mechanisms within the web interface forms used for account management operations. When authenticated users navigate to malicious websites or receive crafted links, their browsers automatically submit requests to the vulnerable switch interface, potentially executing administrative actions such as adding new user accounts or modifying existing ones. This attack vector operates through the standard HTTP request mechanisms that are typically used for legitimate administrative operations within the device's web interface, making it particularly dangerous because the malicious requests appear to originate from authenticated users. The attack requires minimal privileges for the attacker to initiate but can result in significant unauthorized access and privilege escalation within the network infrastructure.

The operational impact of this vulnerability extends beyond simple unauthorized access to encompass potential network compromise and administrative control loss. An attacker who successfully exploits this CSRF vulnerability could gain unauthorized access to network management functions, potentially leading to complete network disruption, unauthorized user account creation, or modification of critical network configurations. This threat is particularly concerning in enterprise environments where network switches serve as critical infrastructure components, as unauthorized access to switch management interfaces can provide attackers with pathways to escalate privileges and move laterally within the network. The vulnerability affects the device's ability to maintain secure session management and authentication integrity, which are fundamental requirements for network security and compliance with industry standards such as NIST SP 800-53 and ISO 27001.

Mitigation strategies for this vulnerability should focus on implementing proper anti-CSRF token mechanisms within the web interface, ensuring that all administrative operations require unique tokens that validate the authenticity of requests. Network administrators should immediately upgrade to the latest firmware version that addresses this vulnerability, as the manufacturer should have released patches or updates to correct the missing CSRF protection mechanisms. Additionally, implementing network segmentation and access controls can help limit the impact of potential exploitation, while regular security audits should verify that all administrative interfaces properly implement session validation and authentication controls. Organizations should also consider deploying web application firewalls and monitoring systems that can detect anomalous administrative requests that may indicate CSRF attack attempts. The ATT&CK framework categorizes this vulnerability under T1078 Valid Accounts and T1566 Phishing, as attackers can leverage authenticated sessions to perform unauthorized actions, and T1543 Create or Modify System Process, as the attack can modify system configurations through the compromised administrative interface.

Reservation

03/20/2024

Disclosure

04/11/2024

Moderation

accepted

CPE

ready

EPSS

0.00225

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!