CVE-2022-24047

9.8 CRITICAL

📋 TL;DR

CVE-2022-24047 is an authentication bypass vulnerability in BMC Track-It! that allows remote attackers to access protected functionality without credentials. This affects installations of BMC Track-It! 20.21.01.102 where the system is exposed to untrusted networks.

💻 Affected Systems

Products:
  • BMC Track-It!
Versions: 20.21.01.102
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected version are vulnerable by default. The vulnerability exists in the HTTP request authorization mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Track-It! system allowing attackers to access, modify, or delete sensitive data, escalate privileges, or pivot to other systems.

🟠 Likely Case

Unauthorized access to sensitive information, configuration changes, or service disruption.

🟢 If Mitigated

Limited impact if the system is isolated behind strong network controls and access restrictions.

🌐 Internet-Facing: HIGH - Authentication bypass vulnerabilities on internet-facing systems allow direct exploitation without credentials.
🏢 Internal Only: MEDIUM - Still significant risk from insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and has a simple exploitation path. While no public PoC exists, the nature of the vulnerability makes weaponization likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply the security patch from BMC

Vendor Advisory: https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It

Restart Required: Yes

Instructions:

1. Download the security patch from the BMC support portal.
2. Apply the patch following BMC's installation instructions.
3. Restart the Track-It! service.
4. Verify the patch is applied successfully.

🔧 Temporary Workarounds

Network Isolation (scope: all)

Restrict network access to Track-It! to trusted IP addresses only.

Use firewall rules to restrict access to the Track-It! port (default 80/443) to authorized IPs only.
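The firewall restriction above, as an added example written for this page (it is not from the BMC advisory or the Track-It! product documentation), using Windows Defender Firewall on the Track-It! host. The trusted address list and the rule display name are assumptions; replace them with your own helpdesk and management subnets. The pattern relies on the profile's default inbound action being Block (the Windows default), because explicit block rules take precedence over allow rules and cannot express "everyone except these sources".

```powershell
# Added example, not BMC's own guidance: limit inbound access to the Track-It! web ports
# to a trusted address list. $TrustedHosts holds constructed sample values (assumption).
$TrustedHosts = @('10.0.10.0/24', '192.0.2.50')
$WebPorts     = @('80', '443')          # Track-It! defaults named on the page
$RuleName     = 'Track-It! web - trusted sources only'   # assumed name

# The narrow allow rule only works if unmatched inbound traffic is dropped by default.
Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction
# Any profile not showing "Block" here should be corrected before relying on the rule:
# Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# Disable existing broad inbound allow rules for the web ports (e.g. the stock
# "World Wide Web Services" rules), otherwise they still admit untrusted sources.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and ($_.LocalPort -contains '80' -or $_.LocalPort -contains '443') } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
    Disable-NetFirewallRule

# Allow the web ports only from the trusted sources.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Protocol TCP -LocalPort $WebPorts `
    -RemoteAddress $TrustedHosts -Action Allow -Profile Any

# Verify the scope that was actually applied.
Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter
```

Run this from an elevated PowerShell session on the Track-It! server. The disable step is deliberately broad; review the disabled rules afterwards so that other services on the same ports (if any) are re-allowed with their own scoped rules rather than a blanket allow.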

Web Application Firewall (scope: all)

Deploy a WAF with rules to detect and block authentication bypass attempts.

Configure WAF rules to monitor for unusual authentication patterns and unauthorized access attempts.

🧯 If You Can't Patch

  • Isolate the Track-It! system behind a firewall with strict IP-based access controls
  • Implement network segmentation to limit the system's exposure and potential lateral movement

🔍 How to Verify

Check if Vulnerable:

Check whether the Track-It! version is 20.21.01.102. If it is, assume the installation is vulnerable unless the patch has been applied.

Check Version:

Check Track-It! web interface or administration console for version information

Verify Fix Applied:

Verify the patch is applied by checking version information in Track-It! administration panel and confirming with BMC support.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to protected endpoints
  • Authentication bypass patterns in web server logs
  • Access to admin functions from unauthenticated IPs

Network Indicators:

  • HTTP requests to protected endpoints without authentication headers
  • Unusual access patterns to Track-It! web interface

SIEM Query:

source="track-it-logs" AND (event_type="auth_failure" OR event_type="unauthorized_access") AND status="200"
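The SIEM query above encodes one heuristic: an authentication failure or unauthorized-access event that still produced an HTTP 200 is the signature of a bypass. The script below is an added example (not from the page or from BMC) that applies the same heuristic offline to exported log lines and groups the hits by source address. The log lines are constructed samples, and the field names (event_type, status, src_ip, path) and the path value are assumptions that follow the page's query, not a real Track-It! log schema.

```powershell
# Added example: offline application of the page's SIEM heuristic.
# Constructed sample events (assumed JSON-lines format and field names).
$SampleLog = @'
{"ts":"2022-02-01T10:00:01Z","src_ip":"10.0.10.5","event_type":"auth_success","status":200,"path":"/login"}
{"ts":"2022-02-01T10:00:07Z","src_ip":"203.0.113.9","event_type":"auth_failure","status":401,"path":"/login"}
{"ts":"2022-02-01T10:00:09Z","src_ip":"203.0.113.9","event_type":"unauthorized_access","status":200,"path":"/protected/example"}
{"ts":"2022-02-01T10:00:12Z","src_ip":"203.0.113.9","event_type":"auth_failure","status":200,"path":"/protected/example"}
'@

function Find-AuthBypassEvents {
    param([string[]]$Lines)
    $Lines |
        Where-Object { $_.Trim() } |
        ForEach-Object { $_ | ConvertFrom-Json } |
        Where-Object {
            # An access-control failure paired with a successful response is the anomaly.
            ($_.event_type -in @('auth_failure', 'unauthorized_access')) -and ([int]$_.status -eq 200)
        }
}

$hits = Find-AuthBypassEvents -Lines ($SampleLog -split "`n")

# Summarise per source address so a single offender does not flood the report.
$hits | Group-Object src_ip | ForEach-Object {
    [pscustomobject]@{
        SourceIP = $_.Name
        Hits     = $_.Count
        Paths    = ($_.Group.path | Sort-Object -Unique) -join ', '
        First    = ($_.Group.ts | Sort-Object | Select-Object -First 1)
    }
} | Format-Table -AutoSize
```

On the sample input only the 203.0.113.9 events on lines three and four match: the 401 failure is normal behaviour and is not reported. A 200 response to a request the application itself classified as unauthorized should be treated as a confirmed bypass rather than noise, so tune the alert on this pairing, not on auth failures alone.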
