CVE-2023-43317

8.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to escalate privileges in Coign CRM Portal v.06.06 by manipulating the userPermissionsList parameter in the Session Storage component. Attackers can gain administrative access without proper authentication. Organizations using this specific version of Coign CRM Portal are affected.

💻 Affected Systems

Products:
  • Coign CRM Portal
Versions: v.06.06
Operating Systems: Any OS running Coign CRM Portal
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 06.06 is confirmed affected. Other versions may be vulnerable but not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where attackers gain administrative privileges, access sensitive customer data, modify system configurations, and potentially deploy ransomware or other malware.

🟠 Likely Case

Unauthorized privilege escalation leading to data theft, unauthorized access to CRM functions, and potential lateral movement within the network.

🟢 If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and monitoring in place to detect privilege escalation attempts.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects web-facing CRM portals, making them prime targets for external attackers.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to escalate privileges, but external exposure presents greater risk.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires some level of access but privilege escalation is straightforward once initial access is obtained. Public proof-of-concept code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check vendor website for updates or consider upgrading to newer supported versions if available.

🔧 Temporary Workarounds

Session Validation Enhancement

Applies to: all

  • Implement server-side validation of session permissions to prevent client-side manipulation
  • Implement server-side validation in session management code to verify userPermissionsList integrity

Access Control Hardening

Applies to: all

  • Implement additional authentication checks for sensitive operations
  • Add multi-factor authentication for administrative functions
  • Implement role-based access control with server-side validation
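The two workarounds above come down to one rule: the server must never decide what a user may do based on a permission list the client hands back. The following is an added example, not code from Coign CRM Portal, showing the trusting pattern next to the hardened one. The session store, the role-to-permission map, the request shape and the function names (authorizeVulnerable, authorizeHardened, clientListIsConsistent) are all hypothetical; the only thing taken from the advisory is the userPermissionsList field name.

```javascript
// Added example (not Coign CRM code): an authorization check that trusts a
// client-supplied permission list versus one that derives permissions from
// server-side state. All names and data below are constructed.

// Constructed server-side session store: session id -> authenticated identity.
// In a real deployment this is a database or session backend.
const sessions = new Map([
  ["sess-1001", { userId: "alice", role: "sales" }],
  ["sess-2002", { userId: "bob", role: "admin" }],
]);

// Server-side role -> permission mapping: the single source of truth.
const ROLE_PERMISSIONS = {
  sales: new Set(["contacts:read", "contacts:write"]),
  admin: new Set(["contacts:read", "contacts:write", "users:manage", "settings:write"]),
};

// Vulnerable pattern: the permission list arrives from the client (for example
// copied from browser session storage into the request body) and is trusted
// as-is. Whoever edits that list grants themselves whatever they like.
function authorizeVulnerable(request, requiredPermission) {
  const claimed = request.body.userPermissionsList || [];
  return claimed.includes(requiredPermission);
}

// Hardened pattern: the client-supplied list is ignored entirely. Permissions
// are resolved from the server-side session and role map, and an unknown
// session or unknown role fails closed.
function authorizeHardened(request, requiredPermission) {
  const session = sessions.get(request.sessionId);
  if (!session) return false;
  const granted = ROLE_PERMISSIONS[session.role];
  if (!granted) return false;
  return granted.has(requiredPermission);
}

// Defence in depth: if legacy UI code still echoes a permission list back,
// reject any request whose list does not match what the server computed.
// A mismatch is exactly the tampering this advisory describes and is worth
// logging as a security event in its own right.
function clientListIsConsistent(request) {
  const session = sessions.get(request.sessionId);
  if (!session) return false;
  const granted = ROLE_PERMISSIONS[session.role] || new Set();
  const claimed = request.body.userPermissionsList;
  if (claimed === undefined) return true; // nothing echoed, nothing to compare
  return claimed.length === granted.size && claimed.every((p) => granted.has(p));
}

// Constructed request: a "sales" session presenting an admin-level list.
const tamperedRequest = {
  sessionId: "sess-1001",
  body: { userPermissionsList: ["contacts:read", "contacts:write", "users:manage"] },
};

console.log("vulnerable check grants users:manage:", authorizeVulnerable(tamperedRequest, "users:manage"));
console.log("hardened check grants users:manage:", authorizeHardened(tamperedRequest, "users:manage"));
console.log("client list consistent with server state:", clientListIsConsistent(tamperedRequest));
```

The hardened check never reads userPermissionsList at all; the consistency check exists only so that an application which cannot yet drop the client-side list can at least refuse, and alert on, any request where the two disagree.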

🧯 If You Can't Patch

  • Isolate Coign CRM Portal behind a web application firewall (WAF) with rules to detect privilege escalation attempts
  • Implement strict network segmentation to limit the CRM portal's access to other systems
  • Enable detailed logging of all session changes and permission modifications
  • Implement regular credential rotation and monitor for unusual privilege changes

🔍 How to Verify

Check if Vulnerable:

Check whether the instance is running Coign CRM Portal version 06.06. Attempt to manipulate the userPermissionsList parameter in session storage and observe whether privilege escalation occurs.

Check Version:

Check application version in admin panel or configuration files. Look for version 06.06 in application metadata.

Verify Fix Applied:

Test if session permission manipulation no longer results in privilege escalation. Verify server-side validation is properly implemented.

📡 Detection & Monitoring

Log Indicators:

  • Unusual session permission changes
  • Multiple privilege escalation attempts
  • Administrative actions from non-admin accounts
  • Modified userPermissionsList parameters in logs

Network Indicators:

  • Unusual patterns of session manipulation requests
  • Multiple failed privilege escalation attempts followed by successful ones

SIEM Query:

source="coign_crm" AND (event_type="session_modification" OR user_permissions_changed="true") AND user_role_changed="true"
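The SIEM query above assumes the portal's events are already normalised. As an added example, not something shipped with Coign CRM Portal, the script below implements the two log indicators that are most directly tied to this issue (a session's permission list gaining admin-only entries, and administrative actions performed under a non-admin role) over a handful of constructed log lines. The line format, the field names (event_type, user, role, permissions, action) and the sample entries are assumptions; the parser must be adapted to whatever the real portal actually writes.

```javascript
// Added example (not Coign CRM code): detection logic over constructed,
// hypothetical application log lines. Field names and format are assumptions.

// Constructed sample log: a "sales" user whose permission list grows to include
// an admin-only entry, followed by an admin action under that same role.
const sampleLog = [
  "2024-03-01T10:00:01Z event_type=login user=alice role=sales",
  "2024-03-01T10:00:05Z event_type=session_modification user=alice role=sales permissions=contacts:read,contacts:write",
  "2024-03-01T10:00:09Z event_type=session_modification user=alice role=sales permissions=contacts:read,contacts:write,users:manage",
  "2024-03-01T10:00:12Z event_type=admin_action user=alice role=sales action=create_user",
  "2024-03-01T10:01:00Z event_type=login user=bob role=admin",
  "2024-03-01T10:01:04Z event_type=admin_action user=bob role=admin action=update_settings",
];

// Permissions that only an administrator should ever hold (constructed list).
const ADMIN_ONLY = new Set(["users:manage", "settings:write"]);

// Parse one "timestamp key=value key=value" line into an object.
// Returns null for lines that do not have that shape.
function parseLine(line) {
  const parts = line.trim().split(/\s+/);
  if (parts.length < 2) return null;
  const record = { ts: parts[0] };
  for (const kv of parts.slice(1)) {
    const idx = kv.indexOf("=");
    if (idx < 0) return null;
    record[kv.slice(0, idx)] = kv.slice(idx + 1);
  }
  return record;
}

// Walk the log in order, remembering the last permission list seen per user,
// and emit one finding per indicator:
//  - admin_permission_gained: a non-admin session's list acquires an admin-only entry
//  - admin_action_by_non_admin: an admin action recorded under a non-admin role
function detect(lines) {
  const findings = [];
  const lastPerms = new Map(); // user -> Set of permissions last observed

  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec) continue;

    if (rec.event_type === "session_modification" && rec.permissions !== undefined) {
      const now = new Set(rec.permissions.split(",").filter(Boolean));
      const before = lastPerms.get(rec.user) || new Set();
      const gainedAdmin = [...now].filter((p) => ADMIN_ONLY.has(p) && !before.has(p));
      if (gainedAdmin.length > 0 && rec.role !== "admin") {
        findings.push({ ts: rec.ts, user: rec.user, rule: "admin_permission_gained", detail: gainedAdmin.join(",") });
      }
      lastPerms.set(rec.user, now);
    }

    if (rec.event_type === "admin_action" && rec.role !== "admin") {
      findings.push({ ts: rec.ts, user: rec.user, rule: "admin_action_by_non_admin", detail: rec.action });
    }
  }
  return findings;
}

// Print findings for the constructed sample.
for (const f of detect(sampleLog)) {
  console.log(`${f.ts} ${f.user} ${f.rule} ${f.detail}`);
}
```

Because the check compares each permission update against the previous state for the same user, a legitimate administrator whose list already contains admin entries produces no finding, while a lower-privileged session that suddenly carries one does. The same per-user state tracking is what the SIEM query's user_role_changed field would have to express.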
