CVE-2022-24255

8.8 HIGH

📋 TL;DR

Extensis Portfolio v4.0 contains hardcoded administrator credentials that allow attackers to bypass authentication and gain full administrative control of the system. This affects all deployments of Portfolio v4.0, particularly those exposed to untrusted networks or where attackers have internal access.

💻 Affected Systems

Products:
  • Extensis Portfolio
Versions: v4.0
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of Portfolio v4.0 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with administrative privileges, allowing data theft, system modification, installation of malware, and lateral movement to connected systems.

🟠 Likely Case: Unauthorized administrative access leading to data exfiltration, configuration changes, and potential ransomware deployment.

🟢 If Mitigated: Limited impact if the system is isolated with strict network controls and monitoring, though the hardcoded credentials still work for anyone who can reach the login interface.

🌐 Internet-Facing: HIGH - Internet-facing instances can be directly attacked using the hardcoded credentials without any authentication.
🏢 Internal Only: HIGH - Internal attackers or compromised systems can use the credentials to gain administrative privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attackers only need to know the hardcoded credentials, which have been publicly disclosed. No special tools or skills are required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.0.1 or later

Vendor Advisory: http://extensis.com

Restart Required: Yes

Instructions:

1. Download the latest version from the Extensis website.
2. Back up the current installation.
3. Run the installer to upgrade.
4. Restart Portfolio services.
5. Verify that new credentials are in use.

🔧 Temporary Workarounds

Network Isolation (platforms: all): Restrict network access to Portfolio to only trusted IP addresses.

Credential Rotation (platforms: all): Manually change the administrator password if possible.

🧯 If You Can't Patch

  • Isolate the Portfolio server in a separate network segment with strict firewall rules
  • Implement multi-factor authentication if supported, or place behind a VPN/proxy with additional authentication

🔍 How to Verify

Check if Vulnerable:

Check whether the Portfolio version is 4.0. Attempt to authenticate with the known hardcoded credentials (if disclosed); success confirms the vulnerability.

Check Version:

Check the Portfolio web interface or the installation directory for version information.

Verify Fix Applied:

Verify that the Portfolio version is 4.0.1 or later. An attempt to authenticate with the old hardcoded credentials should fail.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by a successful login with the default administrator account
  • Administrative actions from unexpected IP addresses

Network Indicators:

  • Authentication requests to Portfolio admin interface from untrusted sources
  • Unusual data transfers from Portfolio server

SIEM Query:

source="portfolio.log" AND ((event="login_success" AND user="admin") OR (event="admin_action" AND src_ip NOT IN trusted_ips))
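The query above expresses two of the log indicators: any successful login as the built-in admin account, and administrative actions from a source address outside the trusted allow-list. The following script is an added example (not part of this advisory or of any Extensis tooling) that applies the same logic to a handful of constructed log lines. It assumes a simple key=value log format with `source`, `event`, `user` and `src_ip` fields and an assumed trusted network of 10.0.0.0/8; real Portfolio logs will differ, so the parser and allow-list need adapting before use. It also counts failed attempts that precede a successful admin login, which covers the first log indicator in the list above.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample log lines (assumed key=value format, not real Portfolio output).
SAMPLE_LOG = """\
2024-01-01T10:00:00Z source=portfolio.log event=login_failed user=admin src_ip=203.0.113.5
2024-01-01T10:00:02Z source=portfolio.log event=login_failed user=admin src_ip=203.0.113.5
2024-01-01T10:00:04Z source=portfolio.log event=login_success user=admin src_ip=203.0.113.5
2024-01-01T10:05:00Z source=portfolio.log event=admin_action user=admin action=export_catalog src_ip=203.0.113.5
2024-01-01T11:00:00Z source=portfolio.log event=login_success user=jdoe src_ip=10.0.0.7
2024-01-01T11:01:00Z source=portfolio.log event=admin_action user=jdoe action=change_config src_ip=10.0.0.7
2024-01-01T12:00:00Z source=other.log event=login_success user=admin src_ip=198.51.100.9
"""

# Assumed allow-list; replace with the networks that legitimately administer Portfolio.
TRUSTED_NETS = [ip_network("10.0.0.0/8")]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split a line into a timestamp plus a dict of key=value fields."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["ts"] = ts
    return fields


def is_trusted(ip):
    """True when the address falls inside one of the trusted networks."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False  # unparsable source address is treated as untrusted
    return any(addr in net for net in TRUSTED_NETS)


def find_alerts(log_text):
    """Apply the SIEM query logic and return a list of alert dicts."""
    alerts = []
    failed = {}  # (user, src_ip) -> failed logins seen before the next success
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("source") != "portfolio.log":
            continue  # the query is scoped to the Portfolio log only
        user, src_ip, event = rec.get("user"), rec.get("src_ip", ""), rec.get("event")
        key = (user, src_ip)
        if event == "login_failed":
            failed[key] = failed.get(key, 0) + 1
        elif event == "login_success":
            preceding = failed.pop(key, 0)
            if user == "admin":
                alerts.append({"ts": rec["ts"], "reason": "admin_login",
                               "user": user, "src_ip": src_ip,
                               "preceding_failures": preceding})
        elif event == "admin_action" and not is_trusted(src_ip):
            alerts.append({"ts": rec["ts"], "reason": "admin_action_untrusted_ip",
                           "user": user, "src_ip": src_ip,
                           "action": rec.get("action")})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

On the sample input the script raises two alerts: the admin login from 203.0.113.5 (with two failed attempts recorded immediately before it) and the catalog export performed from that same untrusted address; the login and action from inside 10.0.0.0/8 and the line from a different log source are ignored, matching the scoping in the query.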
