CVE-2024-3142 in E10
Summary
by MITRE • 04/02/2024
A vulnerability was found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-258917 was assigned to this vulnerability.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 04/09/2025
The vulnerability identified as CVE-2024-3142 represents a cross-site request forgery weakness within Clavister E10 and E80 network security appliances running firmware versions up to 14.00.10. This issue resides within the Setting Handler component, which processes administrative configuration requests and user inputs. The vulnerability classification as problematic indicates significant security implications that could compromise the integrity and availability of network infrastructure. The affected devices operate as critical security appliances in enterprise environments, making this vulnerability particularly concerning for organizations relying on Clavister's firewall and security solutions.
The technical flaw manifests through improper validation of cross-site requests within the Setting Handler module, which processes configuration changes and administrative operations. This weakness allows attackers to manipulate the processing flow in a way that enables unauthorized actions to be executed on behalf of authenticated users. The vulnerability's remote exploitation capability means that attackers can initiate malicious requests from external networks without requiring physical access to the device. The attack vector exploits the lack of proper anti-CSRF tokens or validation mechanisms in the administrative interfaces, enabling attackers to perform unauthorized configuration changes that could disrupt network security policies or compromise device access.
The operational impact of this vulnerability extends beyond simple unauthorized access, potentially allowing attackers to modify critical network security settings, alter firewall rules, or manipulate authentication configurations. Given that these are enterprise-grade security appliances, successful exploitation could lead to complete network compromise, data exfiltration, or disruption of critical business operations. The public disclosure of the exploit increases the risk profile significantly, as threat actors can immediately leverage this vulnerability without requiring advanced technical skills. Organizations using affected versions face potential exposure to persistent threats that could establish backdoors or weaken overall network security posture.
Mitigation strategies should prioritize immediate upgrading to firmware version 14.00.11, which contains the necessary patches to address the CSRF vulnerability. Network administrators should also implement additional protective measures including network segmentation, monitoring for suspicious administrative activities, and implementing additional authentication controls. The vulnerability aligns with CWE-352, which specifically addresses Cross-Site Request Forgery, and maps to ATT&CK technique T1078.004 for Valid Accounts and T1566.001 for Phishing, as attackers could leverage this vulnerability to establish persistent access through compromised administrative sessions. Organizations should conduct comprehensive security assessments of their network infrastructure to identify any other potentially affected devices and ensure proper patch management protocols are in place to prevent similar vulnerabilities from emerging in the future.