Security features bypass in EspoCRM

Published: 2024-03-18

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-24818
CWE-ID	CWE-254
Exploitation vector	Local network
Public exploit	N/A
Vulnerable software	EspoCRM Web applications / CRM systems
Vendor	EspoCRM

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Security features bypass

EUVDB-ID: #VU87582

Risk: Medium

CVSSv4.0: 2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-24818

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to weakness in "Forgot password". A remote attacker on the local network can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

EspoCRM: 8.1.0 - 8.1.1

CPE2.3

External links

https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.