
CVE-2017-5368 : Security Advisory and Response

Learn about CVE-2017-5368 affecting ZoneMinder v1.30 and v1.29. Understand the CSRF vulnerability allowing unauthorized admin user creation and how to mitigate the risk.

ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, are vulnerable to CSRF (Cross-Site Request Forgery). A remote attacker can make changes to the web application as the currently logged-in victim, including silently creating a new admin user.

Understanding CVE-2017-5368

ZoneMinder v1.30 and v1.29 have a CSRF vulnerability: the user-management request handled by /zm/index.php is accepted on the strength of the victim's session cookie alone, with nothing in the request that a third-party page could not supply. A page the victim visits while logged in as an administrator can therefore submit that request and create a new admin user.

What is CVE-2017-5368?

        ZoneMinder v1.30 and v1.29 accept state-changing requests without any anti-CSRF protection (no per-session token, no origin check)
        An attacker who lures a logged-in administrator to a malicious page can create a new admin user without the victim's knowledge or consent
        The vulnerable URL is /zm/index.php, reached with action=user

The Impact of CVE-2017-5368

        The attacker-created admin account gives persistent remote access to the CCTV server and a foothold for further attacks, even after the victim logs out
        Any change the victim's admin session is allowed to make can be forced by the malicious page, not only user creation

Technical Details of CVE-2017-5368

ZoneMinder v1.30 and v1.29 are vulnerable to CSRF attacks, allowing for unauthorized admin user creation.

Vulnerability Description

        CSRF vulnerability in ZoneMinder v1.30 and v1.29
        Attackers can exploit this to create new admin users

Affected Systems and Versions

        ZoneMinder v1.30 and v1.29

Exploitation Mechanism

        The attacker tricks a victim who is logged in to ZoneMinder as an administrator into visiting a malicious webpage
        That page silently submits a request to /zm/index.php; the victim's browser attaches the ZoneMinder session cookie, so the application processes the request as the administrator
        The request carries the following parameters, which create a new user with the System permission set to Edit (full administrative rights); the username and password are the attacker's choice, the values below are the advisory's example:
            action=user
            uid=0
            newUser[Username]=attacker1
            newUser[Password]=Password1234
            conf_password=Password1234
            newUser[System]=Edit

Mitigation and Prevention

Immediate Steps to Take

        Implement CSRF tokens: every state-changing request must carry an unguessable token bound to the user's session, which a cross-site page cannot read; checking the Origin/Referer header and setting the session cookie with the SameSite attribute add defence in depth
        Regularly monitor and audit admin user accounts, and review the ZoneMinder user list for accounts you did not create
        Educate users about the risks of visiting unknown websites while logged in to the ZoneMinder console

Long-Term Security Practices

        Keep the ZoneMinder application updated to the latest version
        Conduct regular security assessments and penetration testing

Patching and Updates

        Apply patches and updates provided by ZoneMinder to address the CSRF vulnerability
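To make both the exploitation mechanism and the token-based mitigation concrete, the following added example (not ZoneMinder's code; the handler names, the session store, the cookie name ZMSESSID and the origin https://zm.example are assumptions) models the advisory's user-creation request twice: once handled the way a CSRF-vulnerable application handles it, trusting the session cookie alone, and once with an Origin check and a session-bound synchronizer token. The forged request carries exactly the advisory's parameters, as an auto-submitting form on the attacker's page would send them.

```python
# Constructed example (not ZoneMinder's code): a toy model of the
# /zm/index.php user-creation request from the advisory, handled first the
# way a CSRF-vulnerable application does (session cookie only) and then with
# an Origin check plus a session-bound synchronizer token.
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

SITE_ORIGIN = "https://zm.example"        # assumed deployment origin
SERVER_SECRET = secrets.token_bytes(32)   # per-deployment secret (constructed)

# Constructed session store: cookie value -> session state.
SESSIONS = {"s3ss10n": {"user": "admin", "admin": True}}


def csrf_token(session_cookie: str) -> str:
    """Synchronizer token bound to the session: HMAC(secret, session id).
    Only the server can mint it, and a cross-site page cannot read it."""
    return hmac.new(SERVER_SECRET, session_cookie.encode(), hashlib.sha256).hexdigest()


def _create_user(params: dict, users: dict):
    """Shared business logic: the advisory's action=user&uid=0 path."""
    if params.get("action") != ["user"] or params.get("uid") != ["0"]:
        return 400, "unsupported action"
    username = params.get("newUser[Username]", [""])[0]
    password = params.get("newUser[Password]", [""])[0]
    if not username or password != params.get("conf_password", [""])[0]:
        return 400, "bad username or password confirmation"
    users[username] = {"system": params.get("newUser[System]", ["None"])[0]}
    return 200, f"created {username}"


def handle_vulnerable(request: dict, users: dict):
    """Pre-fix behaviour: any request carrying a valid admin cookie is trusted,
    so a forged cross-site POST succeeds because the browser adds the cookie."""
    session = SESSIONS.get(request["cookies"].get("ZMSESSID", ""))
    if session is None or not session["admin"]:
        return 403, "admin session required"
    return _create_user(parse_qs(request["body"]), users)


def handle_hardened(request: dict, users: dict):
    """Same logic plus two independent CSRF defences:
    1. reject if an Origin/Referer header is present and is not our origin;
    2. require a token bound to the session, which the attacker's page cannot get."""
    cookie = request["cookies"].get("ZMSESSID", "")
    session = SESSIONS.get(cookie)
    if session is None or not session["admin"]:
        return 403, "admin session required"
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    source = headers.get("origin") or headers.get("referer", "")
    # Exact match or "origin/..." so that https://zm.example.evil does not pass.
    if source and source != SITE_ORIGIN and not source.startswith(SITE_ORIGIN + "/"):
        return 403, "cross-site request rejected"
    params = parse_qs(request["body"])
    supplied = params.get("csrf_token", [""])[0]
    # Constant-time comparison on bytes so odd input cannot raise instead of failing.
    if not hmac.compare_digest(supplied.encode(), csrf_token(cookie).encode()):
        return 403, "missing or invalid CSRF token"
    return _create_user(params, users)


# The advisory's parameters, exactly as a hidden auto-submitting form on the
# attacker's page would send them (constructed request body).
ADVISORY_PARAMS = {
    "action": "user", "uid": "0",
    "newUser[Username]": "attacker1",
    "newUser[Password]": "Password1234",
    "conf_password": "Password1234",
    "newUser[System]": "Edit",
}


def forged_request() -> dict:
    """Cross-site POST: the victim's browser attaches the ZoneMinder cookie by
    itself; the attacker's page controls the body but gets a foreign Origin."""
    return {
        "headers": {"Origin": "https://attacker.example"},
        "cookies": {"ZMSESSID": "s3ss10n"},
        "body": urlencode(ADVISORY_PARAMS),
    }


def legitimate_request() -> dict:
    """Same-origin form submission carrying the server-issued token."""
    return {
        "headers": {"Origin": SITE_ORIGIN},
        "cookies": {"ZMSESSID": "s3ss10n"},
        "body": urlencode({**ADVISORY_PARAMS, "newUser[Username]": "operator2",
                           "csrf_token": csrf_token("s3ss10n")}),
    }


if __name__ == "__main__":
    users = {"admin": {"system": "Edit"}}
    print(handle_vulnerable(forged_request(), users), sorted(users))
    print(handle_hardened(forged_request(), users), sorted(users))
    print(handle_hardened(legitimate_request(), users), sorted(users))
```

Run stand-alone, the script shows the forged request creating attacker1 under the vulnerable handler and being refused by the hardened one, while the same-origin request with a valid token still succeeds. The token check is the mandatory control: the Origin check only rejects when a header is present and wrong, because some clients and proxies omit Origin and Referer, so a request with neither header still has to prove possession of the session-bound token.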
