CVE-2024-46624
📋 TL;DR
This vulnerability in InfoDom Performa 365 allows an authenticated attacker to escalate their privileges to Administrator by sending a crafted payload to the /api/users endpoint. It affects organizations running InfoDom Performa 365 version 4.0.1; any authenticated user account, not an administrative one, is sufficient to exploit it.
💻 Affected Systems
- InfoDom Performa 365
⚠️ Manual Verification Required
This CVE does not carry a machine-readable version range in our database, so automatic vulnerability detection cannot determine whether your system is affected.
Why? The CVE description names version 4.0.1, but the database entry provides no version range (no CPE or vendor-supplied affected/fixed versions), so version matching has to be done by hand.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full administrative control over the system, allowing them to access sensitive data, modify configurations, create new accounts, and potentially compromise the entire environment.
Likely Case
Malicious insiders or compromised accounts exploit the vulnerability to gain administrative privileges, leading to unauthorized data access and system manipulation.
If Mitigated
With proper network segmentation and monitoring, impact is limited to the affected application instance with detection of privilege escalation attempts.
🎯 Exploit Status
Requires authenticated access and crafting specific payloads to the API endpoint. The GitHub reference contains research details but not a full exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 4.0.1 (check vendor for specific version)
Vendor Advisory: Not provided in references
Restart Required: No
Instructions:
1. Contact InfoDom for the latest patched version.
2. Back up the current configuration.
3. Apply the vendor-provided patch or upgrade to a fixed version.
4. Test functionality after patching.
🔧 Temporary Workarounds
API Endpoint Restriction
Restrict access to the /api/users endpoint to administrative IP addresses or network segments only.
Web Application Firewall Rules
Implement WAF rules to block suspicious requests to /api/users that match privilege escalation patterns.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the Performa 365 application from sensitive systems
- Enhance monitoring of /api/users endpoint access and privilege changes in audit logs
🔍 How to Verify
Check if Vulnerable:
Check whether you are running InfoDom Performa 365 version 4.0.1. Review application logs for POST requests to the /api/users endpoint from non-administrative accounts, and for any account whose role changed to Administrator without an administrator performing the change.
Check Version:
Check application admin interface or configuration files for version information
Verify Fix Applied:
Verify the application version is updated beyond 4.0.1. Test that authenticated non-admin users cannot escalate privileges via /api/users.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /api/users from non-admin accounts
- User privilege changes from regular to administrator
Network Indicators:
- HTTP requests to /api/users with crafted payload patterns
- Unusual API traffic from authenticated sessions
SIEM Query (field names are illustrative; adapt them to your log schema):
source="performa_logs" AND (uri_path="/api/users" AND http_method="POST") AND user_role!="admin"
Note that once an escalation has succeeded, the attacker's subsequent requests will carry an admin role, so correlate this query with role-change events in the audit log rather than relying on it alone.
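The detection logic above, run over sample log lines, as an added example that is not part of the original advisory or of any InfoDom code. It assumes a hypothetical JSON-lines access log with the fields `ts`, `user`, `role`, `method`, `path` and `status`; the real Performa 365 log format is not documented here and will differ. It implements both indicators from the page: non-admin POSTs to /api/users (distinguishing accepted from rejected requests) and a stateful check that flags any account first seen as a regular user and later seen acting as admin.

```python
"""Flag privilege-escalation indicators against /api/users in application logs.

Added example, not vendor code. The log schema below is an assumption:
JSON lines with ts, user, role, method, path, status.
"""
import json
from dataclasses import dataclass

WATCHED_PATH = "/api/users"
ADMIN_ROLES = {"admin", "administrator"}

# Constructed sample log lines (not real Performa 365 output).
SAMPLE_LOG = """\
{"ts":"2024-09-10T08:00:01Z","user":"alice","role":"user","method":"GET","path":"/api/users/me","status":200}
{"ts":"2024-09-10T08:00:05Z","user":"bob","role":"admin","method":"POST","path":"/api/users","status":201}
{"ts":"2024-09-10T08:01:10Z","user":"alice","role":"user","method":"POST","path":"/api/users","status":200}
{"ts":"2024-09-10T08:01:12Z","user":"alice","role":"admin","method":"GET","path":"/api/users","status":200}
{"ts":"2024-09-10T08:02:00Z","user":"carol","role":"user","method":"POST","path":"/api/users","status":403}
"""


@dataclass(frozen=True)
class Alert:
    kind: str    # "non_admin_post" or "role_escalation"
    user: str
    ts: str
    detail: str


def parse_log(text):
    """Parse JSON-lines text; skip blank or malformed lines instead of aborting."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def is_watched(path):
    """Match /api/users itself and anything beneath it."""
    return path == WATCHED_PATH or path.startswith(WATCHED_PATH + "/")


def detect(events):
    """Return alerts for non-admin POSTs to /api/users and for user-to-admin role changes."""
    alerts = []
    last_role = {}  # per-user role as last observed in the log
    for ev in events:
        user = ev.get("user", "?")
        role = str(ev.get("role", "")).lower()
        ts = ev.get("ts", "")

        # Indicator 1: a non-admin account writing to the user-management endpoint.
        if ev.get("method") == "POST" and is_watched(ev.get("path", "")) and role not in ADMIN_ROLES:
            status = int(ev.get("status", 0))
            outcome = "accepted" if 200 <= status < 300 else f"rejected (HTTP {status})"
            alerts.append(Alert("non_admin_post", user, ts,
                                f"{role or 'unknown'} role posted to {ev.get('path')}: {outcome}"))

        # Indicator 2: an account previously seen as non-admin now acting as admin.
        prev = last_role.get(user)
        if prev is not None and prev not in ADMIN_ROLES and role in ADMIN_ROLES:
            alerts.append(Alert("role_escalation", user, ts, f"role changed {prev} -> {role}"))
        if role:
            last_role[user] = role
    return alerts


def analyse(text):
    return detect(parse_log(text))


if __name__ == "__main__":
    for a in analyse(SAMPLE_LOG):
        print(f"[{a.kind}] {a.ts} {a.user}: {a.detail}")
```

On the constructed sample this raises three alerts: alice's accepted POST, alice's subsequent appearance as admin, and carol's rejected POST; bob's POST is ignored because he was already an administrator. The accepted/rejected split matters in triage: a rejected POST is a probe or a blocked attempt, an accepted one followed by a role change is a successful escalation.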