CVE-2021-45886

8.8 HIGH

📋 TL;DR

PONTON X/P Messenger versions before 3.11.2 issue anti-CSRF tokens that are valid globally rather than being bound to the session they were issued for, so a token obtained by a low-privileged user is accepted on requests that perform actions as a higher-privileged user. This affects all users of vulnerable versions, particularly administrators, whose accounts could be compromised.

💻 Affected Systems

Products:
  • PONTON X/P Messenger
Versions: All versions before 3.11.2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with multiple user roles are vulnerable. The vulnerability exists in the CSRF protection mechanism itself.
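To illustrate the flaw described above, the following added example (not PONTON's code; the class and function names are hypothetical) contrasts a CSRF check that accepts any token from a shared pool with one that binds each token to the session that requested it. The cross-session case shows why a token issued to an operator must not validate a request in an administrator's session.

```python
import hmac
import secrets


class GlobalTokenCsrf:
    """Flawed pattern: one token pool shared by every session.

    A token issued to any user passes validation for any other
    user's request, which is the globally valid token behaviour.
    """

    def __init__(self):
        self.valid_tokens = set()

    def issue(self, session_id):
        token = secrets.token_hex(16)
        self.valid_tokens.add(token)   # session_id is ignored
        return token

    def validate(self, session_id, token):
        return token in self.valid_tokens


class SessionBoundCsrf:
    """Fixed pattern: the token is tied to the issuing session."""

    def __init__(self):
        self.tokens = {}  # session_id -> token

    def issue(self, session_id):
        token = secrets.token_hex(16)
        self.tokens[session_id] = token
        return token

    def validate(self, session_id, token):
        expected = self.tokens.get(session_id)
        # constant-time compare avoids leaking the token via timing
        return expected is not None and hmac.compare_digest(expected, token)


def accepts_cross_session_token(csrf):
    """Constructed scenario: an operator session obtains its own token,
    and that token is then presented on a request in the admin session.
    Returns True if the server accepts it (vulnerable behaviour)."""
    operator_token = csrf.issue("operator-session")
    csrf.issue("admin-session")
    return csrf.validate("admin-session", operator_token)


def accepts_own_token(csrf):
    """Legitimate use: a session presents the token issued to it."""
    token = csrf.issue("admin-session")
    return csrf.validate("admin-session", token)
```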

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator account takeover leading to complete system compromise, data theft, or malicious configuration changes.

🟠 Likely Case

Privilege escalation where attackers use operator tokens to perform administrative actions such as user management or system configuration.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent external attackers from reaching the application.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an attacker to obtain a valid low-privilege user token, which could be done through social engineering, XSS, or other means.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.11.2

Vendor Advisory: https://www.ponton.de/products/xpmessenger/

Restart Required: Yes

Instructions:

1. Download version 3.11.2 or later from the PONTON website.
2. Back up the current installation.
3. Install the update following the vendor instructions.
4. Restart the application service.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict access to the X/P Messenger application to trusted networks only.

Session Timeout Reduction (applies to: all)

Reduce session timeout values to limit the token validity window. Check the application configuration for session timeout settings.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the application
  • Monitor for unusual administrative actions and implement multi-factor authentication

🔍 How to Verify

Check if Vulnerable:

Check application version in admin interface or configuration files. If version is below 3.11.2, the system is vulnerable.

Check Version:

Check application web interface or consult vendor documentation for version checking method

Verify Fix Applied:

Verify version is 3.11.2 or higher and test CSRF protection by attempting to use a low-privilege token for administrative actions.

📡 Detection & Monitoring

Log Indicators:

  • Multiple administrative actions from low-privilege user accounts
  • Unusual administrative activity patterns

Network Indicators:

  • CSRF token reuse across different user sessions
  • Unexpected administrative requests

SIEM Query:

source="xpmessenger" AND (action="admin_*" AND user_role="operator")
