CVE-2024-2741
📋 TL;DR
A Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S switches allows attackers to trick authenticated users into performing unauthorized actions through their web interface sessions. This affects users with administrative access to the switch web interface. The vulnerability is present in firmware version 1.305b210528.
💻 Affected Systems
- Planet IGS-4215-16T2S
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could create new administrative accounts, modify existing accounts, or change switch configuration, potentially gaining full control of the network device.
Likely Case
Attackers could add backdoor accounts or modify network settings, leading to unauthorized access or network disruption.
If Mitigated
With proper CSRF protections and user awareness, impact is limited to unsuccessful exploitation attempts.
🎯 Exploit Status
Exploitation requires tricking authenticated users into visiting malicious web pages while logged into the switch interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in available references
Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-planet-igs-4215-16t2s
Restart Required: No
Instructions:
Check Planet website for firmware updates. If available, download and apply through web interface or CLI.
🔧 Temporary Workarounds
Implement CSRF Tokens
Platform: all. Add anti-CSRF tokens to web interface forms if a custom web interface is possible.
Restrict Network Access
Platform: all. Limit access to the switch management interface to trusted networks only.
🧯 If You Can't Patch
- Implement network segmentation to isolate switch management interface
- Use browser extensions that block CSRF attempts and educate users about phishing risks
🔍 How to Verify
Check if Vulnerable:
Check firmware version via web interface: System > System Information > Firmware Version
Check Version:
show version (CLI) or check web interface System Information
Verify Fix Applied:
Verify firmware version is updated beyond 1.305b210528
📡 Detection & Monitoring
Log Indicators:
- Unexpected account creation/modification logs
- Multiple failed login attempts followed by successful account changes
Network Indicators:
- Unusual HTTP POST requests to switch management interface from unexpected sources
SIEM Query:
source="switch_logs" AND (event="user_added" OR event="user_modified")
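The network indicator above can be turned into a triage check. The following is an added example, not code from the advisory or from the vendor: it flags state-changing requests to the management interface that come from outside the admin subnet or were initiated by a page on another origin. It assumes a proxy or sensor in front of the interface records the Origin and Referer headers; the addresses, paths and log layout are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed values, not from the advisory: management address and admin subnet.
SWITCH_HOSTS = {"192.0.2.10"}
TRUSTED_NETS = [ipaddress.ip_network("198.51.100.0/28")]
STATE_CHANGING = {"POST", "PUT", "DELETE"}

# Constructed sample records, whitespace-separated ("-" means header absent):
# time client_ip method host path origin referer
SAMPLE_LOG = """\
09:00:01 198.51.100.5 POST 192.0.2.10 /placeholder/a http://192.0.2.10 http://192.0.2.10/
09:02:14 198.51.100.5 POST 192.0.2.10 /placeholder/a http://news.example http://news.example/x
09:05:30 203.0.113.77 POST 192.0.2.10 /placeholder/b http://192.0.2.10 -
09:06:02 198.51.100.5 GET 192.0.2.10 /placeholder/c - http://news.example/x
09:07:45 198.51.100.6 POST 192.0.2.10 /placeholder/a - -
"""


def initiator_host(origin, referer):
    """Host of the page that initiated the request, or None if unknown."""
    for value in (origin, referer):
        if value not in ("", "-", "null"):
            return urlsplit(value).hostname
    return None


def find_suspicious(log_text):
    """Return (time, client, path, reasons) for risky state-changing requests."""
    findings = []
    for line in log_text.splitlines():
        time, client, method, host, path, origin, referer = line.split()
        if host not in SWITCH_HOSTS or method not in STATE_CHANGING:
            continue
        reasons = []
        addr = ipaddress.ip_address(client)
        if not any(addr in net for net in TRUSTED_NETS):
            reasons.append("untrusted-source")
        page = initiator_host(origin, referer)
        if page is None:
            reasons.append("no-origin-or-referer")
        elif page not in SWITCH_HOSTS:
            reasons.append("cross-origin:" + page)
        if reasons:
            findings.append((time, client, path, reasons))
    return findings


if __name__ == "__main__":
    print(*find_suspicious(SAMPLE_LOG), sep="\n")
```

A cross-origin hit from an address inside the admin subnet is the pattern that matches this CVE, since the forged request is sent by the administrator's own browser. A missing Origin and Referer is only a prompt for review, because scripts and some privacy settings omit both headers.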