CVE-2022-29557

8.8 HIGH

📋 TL;DR

CVE-2022-29557 is a Cross-Site Request Forgery (CSRF) vulnerability in LexisNexis Firco Compliance Link 3.7 that allows attackers to trick authenticated users into performing unintended actions. This affects organizations using this compliance software for financial transaction monitoring. Attackers can potentially modify settings or perform administrative functions without the user's knowledge.

💻 Affected Systems

Products:
  • LexisNexis Firco Compliance Link
Versions: Version 3.7
Operating Systems: Not OS-specific - web application vulnerability
Default Config Vulnerable: ⚠️ Yes
Notes: Affects web interface of Firco Compliance Link. Requires user authentication for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could reconfigure compliance rules, disable monitoring, or modify system settings, leading to regulatory violations and financial penalties.

🟠 Likely Case

Attackers modify user permissions, change alert thresholds, or tamper with compliance configurations to bypass monitoring.

🟢 If Mitigated

With proper CSRF protections and user awareness, impact is limited to unsuccessful attack attempts.

🌐 Internet-Facing: HIGH if the application is exposed to the internet, as CSRF attacks can originate from any website visited by authenticated users.
🏢 Internal Only: MEDIUM as internal attackers could still craft malicious pages, but attack surface is reduced compared to internet exposure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easy to implement. Requires authenticated user to visit malicious page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact LexisNexis for patched version

Vendor Advisory: Not publicly available - contact vendor directly

Restart Required: Yes

Instructions:

1. Contact LexisNexis support for the patch.
2. Apply the vendor-provided patch.
3. Restart application services.
4. Verify that CSRF tokens are implemented.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add anti-CSRF tokens to all state-changing requests. Application-specific implementation required.

SameSite Cookie Attribute (applies to: all)

Set SameSite=Strict or Lax on session cookies:

Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly
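As an added illustration of both workarounds (not code from Firco Compliance Link or LexisNexis), the snippet below implements a session-bound synchronizer token, an Origin/Referer check as defence in depth, and emits the hardened Set-Cookie line shown above. The request is modelled as a plain dict, and APP_ORIGIN and the server key are constructed placeholders.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed example: synchronizer-token CSRF check for state-changing requests.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
APP_ORIGIN = "https://compliance.example"  # assumed origin of the protected app


def issue_csrf_token(session_id: str, server_key: bytes) -> str:
    """Token = nonce.HMAC(server_key, session_id:nonce); binding the token to the
    session means a token captured from one session is useless in another."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(server_key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def csrf_token_valid(token: str, session_id: str, server_key: bytes) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    try:
        nonce, mac = token.split(".", 1)
    except (ValueError, AttributeError):
        return False
    expected = hmac.new(server_key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def source_origin_ok(headers: dict) -> bool:
    """Defence in depth: Origin (or Referer) must match the application origin.
    A state-changing request with neither header is rejected."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == APP_ORIGIN


def request_allowed(req: dict, server_key: bytes) -> bool:
    """Reads pass through; writes need a valid session-bound token and a same-origin source."""
    if req["method"].upper() not in STATE_CHANGING:
        return True
    session_id = req["cookies"].get("session")
    token = req["form"].get("csrf_token") or req["headers"].get("X-CSRF-Token")
    if not session_id or not token:
        return False
    return csrf_token_valid(token, session_id, server_key) and source_origin_ok(req["headers"])


def hardened_session_cookie(value: str) -> str:
    """The Set-Cookie line from the workaround above: cross-site requests carry no session."""
    return f"session={value}; SameSite=Strict; Secure; HttpOnly"
```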

🧯 If You Can't Patch

  • Implement web application firewall (WAF) with CSRF protection rules
  • Educate users about CSRF risks and safe browsing practices

🔍 How to Verify

Check if Vulnerable:

Test forms and state-changing endpoints for missing CSRF tokens using tools like Burp Suite or OWASP ZAP

Check Version:

Check application version in web interface or contact vendor

Verify Fix Applied:

Verify all POST/PUT/DELETE requests include unique CSRF tokens that are validated server-side

📡 Detection & Monitoring

Log Indicators:

  • Multiple state-changing requests from same user without corresponding GET requests
  • Requests missing expected CSRF tokens

Network Indicators:

  • HTTP requests with Referer headers pointing to external domains
  • Unusual POST requests to administrative endpoints

SIEM Query:

web_requests method=POST AND NOT csrf_token=* AND user=authenticated
