CVE-2022-23349

8.8 HIGH

📋 TL;DR

BigAnt Server v5.6.06 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unintended actions on the server. This affects all users of BigAnt Server v5.6.06 who have web interface access. Attackers can exploit this by luring users to malicious websites while they're logged into BigAnt.

💻 Affected Systems

Products:
  • BigAnt Server
Versions: v5.6.06
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of BigAnt Server v5.6.06 are vulnerable by default. The vulnerability exists in the web interface component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the BigAnt server through privilege escalation, data theft, or unauthorized administrative actions performed by tricked administrators.

🟠 Likely Case

Unauthorized actions performed by authenticated users, such as changing settings, deleting data, or creating new user accounts without their knowledge.

🟢 If Mitigated

No impact if proper CSRF protections are implemented or if users only access BigAnt from trusted networks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim to be authenticated to BigAnt Server and visit a malicious website. Public proof-of-concept code is available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.6.07 or later

Vendor Advisory: https://www.bigantsoft.com/

Restart Required: Yes

Instructions:

1. Download the latest version from the BigAntSoft website.
2. Back up the current installation.
3. Install the update following vendor instructions.
4. Restart the BigAnt Server service.

🔧 Temporary Workarounds

Implement CSRF Tokens (all)

Add anti-CSRF tokens to all state-changing requests in the application.

SameSite Cookie Attribute (all)

Set the SameSite=Strict or SameSite=Lax attribute on session cookies.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attempts
  • Restrict BigAnt Server access to trusted networks only and implement strict access controls

🔍 How to Verify

Check if Vulnerable:

Check the BigAnt Server version in the administration panel or configuration files. If the version is exactly 5.6.06, the system is vulnerable.

Check Version:

Check web interface admin panel or examine server configuration files for version information

Verify Fix Applied:

Verify version is 5.6.07 or higher in administration panel. Test CSRF protection by attempting to submit forms without proper tokens.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed state-changing requests from same IP
  • Unusual administrative actions from non-admin users
  • Requests missing CSRF tokens

Network Indicators:

  • HTTP POST requests to BigAnt endpoints without Referer headers
  • Requests from external domains to internal BigAnt endpoints

SIEM Query:

source="bigant.logs" AND (action="admin_change" OR action="user_create" OR action="config_modify") AND csrf_token="null"
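The log indicators above can be screened with a short script. The following is an added example, not part of the original advisory or of BigAnt Server; the key="value" log format, its field names (src_ip, method, action, csrf_token, referer, origin) and the trusted host name are assumptions for illustration.

```python
# Added example: screen BigAnt-style web access logs for the CSRF indicators
# listed above. The key="value" log format, field names and trusted host are
# assumptions for illustration, not BigAnt Server's real log format.
import re
from urllib.parse import urlsplit

TRUSTED_HOST = "bigant.internal.example"  # assumed host of the web interface
STATE_CHANGING = {"admin_change", "user_create", "config_modify"}
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Turn one key="value" log line into a dict of fields."""
    return dict(FIELD_RE.findall(line))

def csrf_indicators(entry):
    """Return the CSRF indicators present in one parsed entry ([] if clean)."""
    # Only state-changing POSTs matter; GETs and read-only actions are ignored.
    if entry.get("method") != "POST" or entry.get("action") not in STATE_CHANGING:
        return []
    reasons = []
    if entry.get("csrf_token", "null") in ("", "null"):
        reasons.append("missing_csrf_token")
    source = entry.get("origin") or entry.get("referer")
    if not source:
        reasons.append("missing_referer")
    elif urlsplit(source).hostname != TRUSTED_HOST:
        reasons.append("cross_site_referer")
    return reasons

def scan(lines):
    """Return (src_ip, action, reasons) for every suspicious log line."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        reasons = csrf_indicators(entry)
        if reasons:
            hits.append((entry.get("src_ip"), entry.get("action"), reasons))
    return hits

# Constructed sample log lines, not captured from a real deployment.
SAMPLE_LOG = [
    'src_ip="10.0.0.5" method="POST" action="config_modify" csrf_token="a1b2" referer="https://bigant.internal.example/admin"',
    'src_ip="10.0.0.9" method="POST" action="user_create" csrf_token="null" referer="https://evil.example/lure.html"',
    'src_ip="10.0.0.9" method="POST" action="admin_change" csrf_token=""',
    'src_ip="10.0.0.7" method="GET" action="view_users" csrf_token="null"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only the second and third sample lines are flagged: a cross-site lure page submitting without a token, and a POST with neither token nor Referer.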

🔗 References
