CVE-2020-23451

8.8 HIGH

📋 TL;DR

This Cross-Site Request Forgery (CSRF) vulnerability in Spiceworks lets an attacker make an authenticated administrator's browser submit state-changing requests the administrator never intended, which can escalate the attacker's privileges. It affects Spiceworks versions up to and including 7.5.00107. Exploitation requires luring an administrator who is logged into Spiceworks to a page the attacker controls; the browser attaches the Spiceworks session cookie to the forged request, so the action runs with the administrator's rights.

💻 Affected Systems

Products:
  • Spiceworks
Versions: <= 7.5.00107
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations with default configurations. The vulnerability is in the web interface accessible to authenticated users.

📦 What is this software?

Spiceworks is an IT help desk, network inventory and monitoring application used by IT administrators; the vulnerable versions run on-premises and are administered through a browser-based web interface, which is where this CSRF lives.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full administrative takeover of the Spiceworks instance, allowing the attacker to create new admin accounts, modify existing users, and use the infrastructure data Spiceworks holds to pivot to other systems.

🟠

Likely Case

Privilege escalation where attackers gain administrative access to Spiceworks, enabling them to view sensitive IT infrastructure data and modify system configurations.

🟢

If Mitigated

Limited impact if administrators use a dedicated browser profile for Spiceworks, the session cookie carries SameSite=Strict (for example added by a reverse proxy), and the instance is reachable only from a management network. The attacker still needs a logged-in administrator to load a page under their control; without that precondition the flaw cannot be triggered.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a victim who is authenticated as an administrator to load an attacker-controlled page while the session is still valid; the forged request is then sent by the victim's own browser, from the victim's own IP address. The advisory this card summarises mentions XSS as a possible part of the chain (XSS on the Spiceworks origin would defeat Origin/Referer and SameSite defences, which is why the two are often combined), but the advisory links are not reproduced on this card, so confirm that detail against the original references before relying on it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: later than 7.5.00107 (the public advisory names 7.5.00107 as affected but does not identify the first fixed build; install the newest release the vendor offers and confirm the build number under Help > About)

Vendor Advisory: http://spiceworks.com

Restart Required: Yes

Instructions:

1. Back up the current Spiceworks installation and its database.
2. Download the latest version from the Spiceworks website.
3. Run the installer to upgrade in place.
4. Restart the Spiceworks service.
5. Verify under Help > About that the build number is later than 7.5.00107.

🔧 Temporary Workarounds

CSRF Token Implementation (platform: all)

Spiceworks itself cannot be patched by the customer, so this applies only to custom integrations or plugins that submit requests to the Spiceworks web interface: give every state-changing request an unpredictable, per-session token and reject requests that arrive without it.

SameSite Cookie Enforcement (platform: all)

Front the web interface with a reverse proxy that rewrites Set-Cookie on the session cookie to add SameSite=Strict (and Secure), and that rejects POST, PUT, PATCH and DELETE requests whose Origin or Referer header is missing or names a site other than the Spiceworks origin. SameSite=Strict stops the browser from attaching the session cookie to a cross-site form post, which removes the precondition this CSRF depends on.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Spiceworks from user browsing activities
  • Use separate browser profiles or machines for administrative tasks vs general web browsing

🔍 How to Verify

Check if Vulnerable:

Open the Spiceworks web interface and read the build number under Help > About. Any build at or below 7.5.00107 is affected. The web interface is the authoritative check; the 'spiceworks --version' command listed below is not confirmed against vendor documentation, so do not rely on it alone.

Check Version:

Help > About in the web interface (or, if your installation provides it: spiceworks --version)

Verify Fix Applied:

Confirm the build number is later than 7.5.00107. Then test from a browser: while logged in as an administrator, replay a state-changing form (for example user creation) from a page on a different origin, and again with the Origin and Referer headers stripped, and confirm both requests are rejected. If Spiceworks sits behind a reverse proxy that enforces SameSite or Origin checks, run the same test through the proxy, since that is the path an attacker's page would take.

📡 Detection & Monitoring

Log Indicators:

  • User creation, role changes or password resets that the administrator did not knowingly perform. The forged request is sent by the administrator's own browser, so it arrives from the administrator's normal IP address and session; do not expect a foreign source address.
  • Administrative changes made within seconds of the administrator visiting an external site (correlate web-proxy logs with Spiceworks logs).
  • Rejections from a proxy-side Origin/Referer or SameSite check, if one is deployed. The affected requests are vulnerable precisely because they are not token-protected, so token-validation failures will not appear in the product's own logs.

Network Indicators:

  • HTTP POST (or PUT/PATCH/DELETE) requests to state-changing endpoints such as /settings/v1/users (the path listed on this card; confirm against your instance) that carry no Referer or Origin header, or one naming a site other than the Spiceworks origin
  • Set-Cookie responses for the session cookie that lack a SameSite attribute, which confirms the cross-site cookie precondition is present

SIEM Query:

source="spiceworks" AND (event="user_modified" OR event="user_created") AND src_ip NOT IN [admin_ips]

The query above only catches changes made from an unexpected address; a CSRF-driven change comes from the administrator's own address and will not match it. Pair it with a query over the reverse-proxy or web-server access log that keys on the request headers instead (same pseudo-syntax; replace the placeholder with your instance's origin):

source="spiceworks_proxy" AND http_method="POST" AND uri_path="/settings/v1/users*" AND NOT (http_origin="<spiceworks-origin>" OR http_referrer="<spiceworks-origin>/*")
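The proxy-side Origin/Referer rule suggested under Temporary Workarounds and the header-based network indicators above are the same rule applied at two points, so here it is once in Python as an added example (not Spiceworks code and not the page's own). It classifies a single request as allow, block or ignore, then replays that rule over access-log lines to show what a retrospective hunt finds. Everything specific is an assumption: the trusted origin https://spiceworks.corp.example, the monitored path /settings/v1/users (taken from this card's indicator list, not verified against the product), the log layout, and the sample log lines, which are constructed for the example.

```python
"""
Cross-site state-change rule for a CSRF-exposed admin interface.

Added example, not Spiceworks code. Assumptions (all hypothetical):
  - TRUSTED_ORIGINS is the exact origin administrators use in the browser
  - STATE_CHANGING_PREFIXES lists the paths worth protecting (path taken
    from this card's indicator list; not verified against the product)
  - the access-log layout is a combined log with two extra quoted fields,
    Referer and Origin, '-' meaning absent; the sample lines are constructed
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

TRUSTED_ORIGINS = {"https://spiceworks.corp.example"}  # assumption
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
STATE_CHANGING_PREFIXES = ("/settings/v1/users",)  # assumption, from the card


def _origin_of(value: str | None) -> str | None:
    """Reduce an Origin or Referer header value to scheme://host[:port].

    Default ports are not normalised; put the exact origin the browser
    sends into TRUSTED_ORIGINS.
    """
    if not value:
        return None
    parts = urlsplit(value.strip())
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def classify(method: str, path: str, headers: dict[str, str]) -> str:
    """Return 'allow', 'block' or 'ignore' for one request.

    Only state-changing methods on protected paths are judged. Sec-Fetch-Site,
    when a browser sends it, is decisive. Otherwise the request must carry an
    Origin (preferred) or Referer from TRUSTED_ORIGINS; a request with neither
    is blocked, because a cross-site form post from a no-referrer page would
    otherwise pass. Header names are matched case-insensitively.
    """
    if method.upper() not in STATE_CHANGING_METHODS:
        return "ignore"
    if not path.startswith(STATE_CHANGING_PREFIXES):
        return "ignore"
    h = {k.lower(): v for k, v in headers.items()}
    fetch_site = h.get("sec-fetch-site")
    if fetch_site is not None:
        # cross-site, same-site (sibling subdomain) and none are all rejected
        return "allow" if fetch_site == "same-origin" else "block"
    origin = _origin_of(h.get("origin")) or _origin_of(h.get("referer"))
    if origin is None:
        return "block"  # fail closed: no evidence of where the request came from
    return "allow" if origin in TRUSTED_ORIGINS else "block"


LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \d+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<origin>[^"]*)"$'
)

# Constructed sample: one legitimate admin action, one forged from a foreign
# page, one forged with headers suppressed, plus two lines the rule ignores.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Mar/2021:10:01:02 +0000] "GET /settings/v1/users HTTP/1.1" 200 812 "https://spiceworks.corp.example/settings" "Mozilla/5.0" "-"
10.0.0.5 - admin [12/Mar/2021:10:01:30 +0000] "POST /settings/v1/users HTTP/1.1" 200 54 "https://spiceworks.corp.example/settings/users/new" "Mozilla/5.0" "https://spiceworks.corp.example"
10.0.0.5 - admin [12/Mar/2021:10:07:44 +0000] "POST /settings/v1/users HTTP/1.1" 200 54 "https://evil.example/win.html" "Mozilla/5.0" "https://evil.example"
10.0.0.5 - admin [12/Mar/2021:10:08:01 +0000] "POST /settings/v1/users HTTP/1.1" 200 54 "-" "Mozilla/5.0" "-"
10.0.0.9 - helpdesk [12/Mar/2021:10:09:00 +0000] "POST /tickets HTTP/1.1" 200 20 "https://evil.example/win.html" "Mozilla/5.0" "https://evil.example"
"""


def scan_access_log(text: str) -> list[dict]:
    """Replay the proxy rule over access-log lines.

    Returns one record per line the rule would have blocked. The source IP on
    those lines is the administrator's own, which is why a src_ip-based SIEM
    query cannot find CSRF.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        headers = {}
        if m["referer"] != "-":
            headers["Referer"] = m["referer"]
        if m["origin"] != "-":
            headers["Origin"] = m["origin"]
        if classify(m["method"], m["path"], headers) == "block":
            findings.append({
                "line": lineno,
                "ip": m["ip"],
                "user": m["user"],
                "path": m["path"],
                "origin": headers.get("Origin") or headers.get("Referer") or "(none)",
            })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['user']}@{f['ip']} {f['path']} from {f['origin']}")
```

Run against the constructed sample, the scan flags lines 3 and 4 (the foreign-origin post and the header-less post) and ignores the GET, the legitimate same-origin post and the post to an unmonitored path. The same classify() rule is what a reverse proxy should apply inline; in the log replay it is only a detection, since the forged requests already succeeded.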

🔗 References
