CVE-2024-51995

7.1 HIGH

📋 TL;DR

This vulnerability in Combodo iTop allows attackers to bypass access controls by specifying arbitrary routes through allowed operations. It affects all iTop users running versions before 3.2.0, enabling unauthorized access to functionality that should be restricted.

💻 Affected Systems

Products:
  • Combodo iTop
Versions: All versions before 3.2.0
Operating Systems: Any OS running iTop
Default Config Vulnerable: ⚠️ Yes
Notes: All iTop installations with default configuration are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through privilege escalation, data exfiltration, or service disruption by accessing administrative functions.

🟠 Likely Case: Unauthorized access to sensitive data or functionality that should be restricted based on user roles.

🟢 If Mitigated: Limited impact if proper network segmentation and access controls are in place, but still represents a security bypass.

🌐 Internet-Facing: HIGH - Web-based application accessible from internet with authentication bypass vulnerability.
🏢 Internal Only: HIGH - Even internally, this allows privilege escalation and unauthorized access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires some authentication but can bypass authorization controls once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.0

Vendor Advisory: https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9

Restart Required: Yes

Instructions:

1. Back up your iTop installation and database.
2. Download iTop version 3.2.0 or later.
3. Follow the official iTop upgrade procedure.
4. Restart the web server service.

🧯 If You Can't Patch

  • Implement strict network access controls to limit iTop access to authorized users only.
  • Monitor authentication and authorization logs for suspicious access patterns.

🔍 How to Verify

Check if Vulnerable:

Check iTop version in the web interface or configuration files. Versions before 3.2.0 are vulnerable.

Check Version:

Check the iTop web interface or examine the 'itop-version.php' file in the installation directory.

Verify Fix Applied:

Verify iTop version is 3.2.0 or later and test that unauthorized route access is properly blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to ajax.render.php with unexpected route parameters
  • Authorization failures for routes that should be accessible

Network Indicators:

  • HTTP requests to ajax.render.php with unusual route parameters
  • Increased traffic to administrative endpoints from non-admin users

SIEM Query:

web.url: "*ajax.render.php*" AND web.query: "*route=*" AND NOT user.role: "admin"
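As an added example (not part of this advisory card or of iTop's own code), the SIEM query above applied in Python to constructed newline-delimited JSON access-log records. The JSON field names, the per-request `role` field and the placeholder route values are assumptions; the URL is split into path and query here rather than read from separate `web.url`/`web.query` fields.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample records (not real iTop logs). The "role" field is an
# assumption: web server access logs normally lack it, so join it in from the
# application's session or user data before running this kind of check.
SAMPLE_LOG = """
{"ts":"2024-11-01T10:00:01Z","user":"alice","role":"admin","url":"/pages/ajax.render.php?route=PLACEHOLDER_ROUTE_A"}
{"ts":"2024-11-01T10:00:07Z","user":"bob","role":"portal-user","url":"/pages/ajax.render.php?route=PLACEHOLDER_ROUTE_B"}
{"ts":"2024-11-01T10:00:09Z","user":"bob","role":"portal-user","url":"/pages/UI.php?operation=details"}
{"ts":"2024-11-01T10:00:12Z","user":"carol","role":"agent","url":"/pages/ajax.render.php?operation=search_form"}
{"ts":"2024-11-01T10:00:15Z","user":"dave","url":"/pages/ajax.render.php?route="}
"""

def route_param(url: str):
    """Return the `route` query value of an ajax.render.php request, or None
    when the request is not one the SIEM query targets (other endpoint, or
    no route parameter at all). A blank `route=` still counts as present."""
    parts = urlsplit(url)
    if not parts.path.endswith("ajax.render.php"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    return qs["route"][0] if "route" in qs else None

def is_suspicious(rec: dict) -> bool:
    """Mirror the page's query: ajax.render.php AND route= AND NOT role admin.
    A record with no role field at all is treated as non-admin (fail closed)."""
    return route_param(rec.get("url", "")) is not None and rec.get("role") != "admin"

def find_suspicious(log_text: str) -> list:
    """Parse newline-delimited JSON records; return (user, route) per match."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if is_suspicious(rec):
            hits.append((rec.get("user", "?"), route_param(rec["url"])))
    return hits

if __name__ == "__main__":
    for user, route in find_suspicious(SAMPLE_LOG):
        print(f"non-admin {user!r} called ajax.render.php with route={route!r}")
```

Requests without a `route` parameter (carol) and non-admin traffic to other pages (bob's UI.php hit) are deliberately not flagged, matching the query's scope.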
