CVE-2023-23465

9.1 CRITICAL

📋 TL;DR

CVE-2023-23465 is a Cross-Site Request Forgery (CSRF) vulnerability in Media CP Media Control Panel that allows attackers to trick authenticated users into performing unintended actions. This affects all users of the latest version of Media CP Media Control Panel. Attackers can exploit this to modify settings, change configurations, or perform administrative actions without the user's knowledge.

💻 Affected Systems

Products:
  • Media CP Media Control Panel
Versions: Latest version (specific version not specified in CVE)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the latest version of Media CP Media Control Panel. The exact vulnerable endpoint is unspecified in the CVE description.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Media Control Panel, allowing attackers to reconfigure settings, disable security controls, or gain administrative access to the system.

🟠 Likely Case

Unauthorized configuration changes, service disruption, or data manipulation by tricking authenticated administrators into clicking malicious links.

🟢 If Mitigated

Limited impact with proper CSRF protections, same-origin policies, and user awareness training in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks typically require the victim to be authenticated and visit a malicious page. No public proof-of-concept has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: https://www.gov.il/en/Departments/faq/cve_advisories

Restart Required: No

Instructions:

1. Monitor vendor advisory for patch release.
2. Apply patch when available.
3. Verify fix implementation.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add anti-CSRF tokens to all state-changing endpoints and reject any state-changing request whose token is missing or does not match the one issued to the session.

Same-Site Cookie Attribute (applies to: all)

Set the SameSite=Strict (or Lax) attribute on session cookies so the browser does not attach them to requests initiated from another site, for example:

Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly
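As an added illustration (not code from the Media CP project or from this advisory), the following Python model shows the two workarounds above side by side: a settings handler that honours any authenticated POST, the same handler hardened with a per-session synchronizer token, and a small model of how a browser treats a cookie carrying SameSite=Strict or Lax on a cross-site POST. Every name here (Request, SESSIONS, the form field names, the session cookie name) and the handler logic are assumptions; the CVE gives neither Media CP's endpoints nor its cookie names.

```python
"""Toy model of a control-panel settings endpoint: the CSRF-prone handler next to
the hardened one (synchronizer token + SameSite cookie). Hypothetical names."""
import hmac
import secrets
from dataclasses import dataclass, field

# In-memory session store: session id -> {"user": ..., "csrf": per-session token}
SESSIONS: dict = {}


@dataclass
class Request:
    method: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def login(user: str) -> tuple:
    """Create a session and return (session id, Set-Cookie header value)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    # SameSite=Strict: the browser withholds this cookie from requests that
    # another site initiated, which on its own defeats classic CSRF.
    return sid, f"session={sid}; SameSite=Strict; Secure; HttpOnly; Path=/"


def csrf_token(sid: str) -> str:
    """Token the server embeds in its own forms (hidden field) for this session."""
    return SESSIONS[sid]["csrf"]


def vulnerable_update(req: Request, settings: dict) -> int:
    """Pre-fix behaviour: any POST carrying a valid session cookie is honoured."""
    sess = SESSIONS.get(req.cookies.get("session", ""))
    if req.method != "POST" or sess is None:
        return 401
    settings.update(req.form)
    return 200


def hardened_update(req: Request, settings: dict) -> int:
    """State change only with a session AND a matching per-session CSRF token."""
    sess = SESSIONS.get(req.cookies.get("session", ""))
    if req.method != "POST" or sess is None:
        return 401
    token = req.form.get("csrf_token") or req.headers.get("X-CSRF-Token", "")
    if not hmac.compare_digest(token, sess["csrf"]):  # constant-time compare
        return 403
    settings.update({k: v for k, v in req.form.items() if k != "csrf_token"})
    return 200


def cookies_sent_by_browser(set_cookie: str, cross_site: bool) -> dict:
    """Model of SameSite handling: which cookies a browser attaches to a POST.
    cross_site=True means a page on another site initiated the request.
    A cookie with no SameSite attribute is modelled as always sent (legacy)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.partition("=")[0].lower(): p.partition("=")[2] for p in parts[1:]}
    same_site = attrs.get("samesite", "").lower()
    if cross_site and same_site in ("strict", "lax"):  # Lax also withholds on cross-site POST
        return {}
    return {name: value}


def run_scenario() -> dict:
    """Constructed scenario: an admin is logged in; a page on another site submits
    a form that POSTs a forged settings change to the panel."""
    sid, strict_cookie = login("admin")
    legacy_cookie = f"session={sid}; Secure; HttpOnly; Path=/"  # no SameSite attribute
    forged_form = {"notification_email": "forged@example.invalid"}
    results = {}

    # 1. Legacy cookie, pre-fix handler: the forged request carries the session and succeeds.
    s = {}
    results["vuln_legacy_cookie"] = vulnerable_update(
        Request("POST", cookies_sent_by_browser(legacy_cookie, True), forged_form), s)
    results["vuln_legacy_settings_changed"] = s == forged_form

    # 2. SameSite=Strict alone: the browser withholds the cookie, so there is no session.
    s = {}
    results["vuln_strict_cookie"] = vulnerable_update(
        Request("POST", cookies_sent_by_browser(strict_cookie, True), forged_form), s)

    # 3. Token check alone (legacy cookie still sent): the forged form has no token.
    s = {}
    results["hardened_legacy_cookie"] = hardened_update(
        Request("POST", cookies_sent_by_browser(legacy_cookie, True), forged_form), s)
    results["hardened_legacy_settings_changed"] = s == forged_form

    # 4. Legitimate same-site submission of the panel's own form, token included.
    s = {}
    own_form = {"notification_email": "ops@example.invalid", "csrf_token": csrf_token(sid)}
    results["hardened_legit"] = hardened_update(
        Request("POST", cookies_sent_by_browser(strict_cookie, False), own_form), s)
    results["hardened_legit_settings"] = s
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Either defence on its own blocks the forged request in this model; deploying both is the usual choice because SameSite depends on browser behaviour the server cannot verify, while the token check is enforced server-side on every request.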

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect CSRF patterns
  • Restrict access to Media Control Panel to trusted networks only

🔍 How to Verify

Check if Vulnerable:

Check whether Media Control Panel endpoints lack CSRF protection by inspecting forms and state-changing requests for anti-CSRF tokens.

Check Version:

Check Media Control Panel interface or configuration files for version information

Verify Fix Applied:

Verify that all state-changing endpoints require valid CSRF tokens and implement SameSite cookie attributes

📡 Detection & Monitoring

Log Indicators:

  • Multiple state-changing requests from the same user without a corresponding preceding GET request
  • State-changing requests missing the expected CSRF token

Network Indicators:

  • HTTP POST/PUT/DELETE requests to Media Control Panel endpoints whose Referer header is missing or does not match the panel's own origin

SIEM Query:

source="media_control_panel" AND (http_method="POST" OR http_method="PUT" OR http_method="DELETE") AND NOT csrf_token=*
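Added example (not from the advisory or the vendor): a Python pass over constructed JSON-lines access records that implements the indicators above, namely a state-changing request without a csrf_token field, a Referer that is missing or from another origin, and no recent GET from the same user. The log format, field names, panel origin and 30-minute window are assumptions. The SIEM query above checks only the token field; this script goes beyond it by combining all three indicators and reporting the reasons per request.

```python
"""Triage of access records for CSRF-shaped state-changing requests.
Log format, field names and the panel origin are assumptions for this example."""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

PANEL_ORIGIN = "https://panel.example.invalid"   # assumed origin of the control panel
STATE_CHANGING = {"POST", "PUT", "DELETE"}
PRIOR_GET_WINDOW = timedelta(minutes=30)          # how recent a GET must be to "explain" a POST

# Constructed sample log (JSON lines). Line 2 is a normal form submission; lines 3-4
# lack a token and a same-origin Referer; line 5 carries a token but no prior GET.
SAMPLE_LOG = """
{"ts": "2024-03-01T10:00:00Z", "user": "admin", "method": "GET", "path": "/settings", "referer": "https://panel.example.invalid/dashboard", "csrf_token": null}
{"ts": "2024-03-01T10:00:20Z", "user": "admin", "method": "POST", "path": "/settings", "referer": "https://panel.example.invalid/settings", "csrf_token": "t1"}
{"ts": "2024-03-01T11:15:00Z", "user": "admin", "method": "POST", "path": "/settings", "referer": "https://third-party.example.invalid/page", "csrf_token": null}
{"ts": "2024-03-01T11:15:01Z", "user": "admin", "method": "DELETE", "path": "/streams/7", "referer": null, "csrf_token": null}
{"ts": "2024-03-01T12:00:00Z", "user": "bob", "method": "PUT", "path": "/users/bob", "referer": "https://panel.example.invalid/users/bob", "csrf_token": "t9"}
"""


def parse(log_text: str) -> list:
    """Parse JSON lines into events sorted by timestamp."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def same_origin(referer) -> bool:
    """True if the Referer's scheme and host match the panel's origin."""
    if not referer:
        return False
    u, p = urlsplit(referer), urlsplit(PANEL_ORIGIN)
    return (u.scheme, u.netloc) == (p.scheme, p.netloc)


def analyse(log_text: str) -> list:
    """Return one finding per state-changing request that trips any indicator."""
    last_get = defaultdict(lambda: None)   # user -> timestamp of their latest GET
    findings = []
    for e in parse(log_text):
        if e["method"] == "GET":
            last_get[e["user"]] = e["ts"]
            continue
        if e["method"] not in STATE_CHANGING:
            continue
        reasons = []
        if not e.get("csrf_token"):
            reasons.append("missing_csrf_token")
        if not same_origin(e.get("referer")):
            reasons.append("foreign_or_missing_referer")
        prev = last_get[e["user"]]
        if prev is None or e["ts"] - prev > PRIOR_GET_WINDOW:
            reasons.append("no_recent_get")
        if reasons:
            findings.append({"ts": e["ts"].isoformat(), "user": e["user"],
                             "method": e["method"], "path": e["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f['ts']} {f['user']} {f['method']} {f['path']}: {', '.join(f['reasons'])}")
```

Treat the output as a triage queue rather than a verdict: browsers and privacy extensions legitimately strip Referer, and an administrator who keeps a tab open for an hour will also trip the no-recent-GET rule, so the strongest signal is a request that hits all three indicators at once, as the two admin requests at 11:15 do here.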
