CVE-2024-50858

8.8 HIGH

📋 TL;DR

GestioIP v3.5.7 contains CSRF vulnerabilities in multiple endpoints that allow attackers to trick authenticated administrators into performing unauthorized actions. This can lead to data modification, deletion, or exfiltration when administrators visit malicious websites while logged into GestioIP. All organizations using the vulnerable version are affected.

💻 Affected Systems

Products:
  • GestioIP
Versions: v3.5.7 and possibly earlier versions
Operating Systems: All platforms running GestioIP
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected version are vulnerable by default. The vulnerability affects multiple endpoints, not just specific configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of GestioIP data including network configuration deletion, IP address management tampering, and potential credential theft leading to broader network compromise.

🟠 Likely Case

Unauthorized modification or deletion of IP address assignments, network configurations, and administrative settings within GestioIP.

🟢 If Mitigated

Limited impact with proper CSRF protections and administrative awareness, though some risk remains from sophisticated attacks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the victim to be authenticated as an administrator and visit a malicious website. No authentication bypass is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.5.8 or later

Vendor Advisory: http://www.gestioip.net

Restart Required: No

Instructions:

1. Back up the current GestioIP installation and database.
2. Download the latest version from the official website.
3. Replace the vulnerable files with the patched version.
4. Verify that CSRF tokens are implemented on all endpoints.

🔧 Temporary Workarounds

Implement CSRF Protection Headers (Applies to: all)

Add CSRF tokens or SameSite cookie attributes to protect against cross-site request forgery:

Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly

Admin Session Timeout Reduction (Applies to: all)

Reduce the administrative session timeout to minimize the exposure window. Modify the session configuration to reduce the timeout (e.g., session.gc_maxlifetime in PHP).
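The server-side check the workaround above describes, as an added illustration that is not GestioIP's own code: a state-changing request is accepted only when its Origin (or Referer) names the expected host and the submitted synchronizer token matches the one stored in the session. The host name, the form field name `csrf_token` and the request/session dictionaries are assumptions for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Host the GestioIP instance is served on (assumed value for this example).
EXPECTED_HOST = "gestioip.internal.example"


def new_session_token() -> str:
    """Issue a per-session synchronizer token; the server keeps it in the session."""
    return secrets.token_urlsafe(32)


def origin_matches(headers: dict) -> bool:
    """Compare Origin (or, failing that, Referer) against the expected host.

    Browsers attach Origin to cross-site POSTs, so a foreign value is a strong
    signal of a forged request. With neither header present we fail closed.
    """
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value:
            return urlsplit(value).hostname == EXPECTED_HOST
    return False


def validate_csrf(headers: dict, form: dict, session: dict) -> tuple:
    """Check a state-changing request. Returns (accepted, reason)."""
    if not origin_matches(headers):
        return False, "origin/referer mismatch"
    submitted = form.get("csrf_token", "")
    expected = session.get("csrf_token", "")
    if not submitted or not expected:
        return False, "missing csrf token"
    # Constant-time comparison so the token cannot be recovered via timing.
    if not hmac.compare_digest(submitted, expected):
        return False, "invalid csrf token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: one same-origin request with a token, one cross-site without.
    session = {"csrf_token": new_session_token()}
    print(validate_csrf({"Origin": "https://gestioip.internal.example"},
                        {"csrf_token": session["csrf_token"]}, session))
    print(validate_csrf({"Origin": "https://attacker.example"}, {}, session))
```

The Origin check covers forged cross-site POSTs even when SameSite cookies are not yet deployed; the token check covers same-site pages that should not be able to act on the administrator's behalf.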

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attempts
  • Require administrators to use separate browser profiles or incognito mode for GestioIP access only

🔍 How to Verify

Check if Vulnerable:

Check if GestioIP version is 3.5.7 or earlier. Review application endpoints for missing CSRF tokens.

Check Version:

Check GestioIP web interface footer or configuration files for version information

Verify Fix Applied:

Verify version is 3.5.8 or later. Test endpoints to confirm CSRF tokens are present and validated.

📡 Detection & Monitoring

Log Indicators:

  • Multiple administrative actions from same session in rapid succession
  • Requests missing CSRF tokens or referer headers

Network Indicators:

  • POST requests to GestioIP endpoints whose Origin or Referer header names an external domain
  • Unusual administrative activity patterns

SIEM Query:

source="gestioip" AND (action="modify" OR action="delete") AND NOT referer="*gestioip*"
