CVE-2024-23163 Scanner
CVE-2024-23163 Scanner - Account Takeover vulnerability in GestSup
Short Info
Level: Critical
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 17 days 21 hours
Scan only one: Domain, IPv4
Toolbox: -
GestSup is a widely used open-source helpdesk management solution designed for small and medium-sized enterprises. It helps organizations track and resolve customer support tickets efficiently, and many businesses rely on it to run their support services and maintain customer satisfaction. GestSup is deployed across sectors including IT, customer service, and telecommunications. It offers ticket prioritization, categorization, and detailed analytics, and is used mainly by support teams that want to streamline their processes and improve service delivery.
The account takeover vulnerability in GestSup presents a significant risk to organizations running the platform. It allows malicious actors to bypass authentication controls and hijack user accounts, including administrative ones. Once exploited, it gives the attacker unauthorized access and potentially full control over the GestSup instance. The flaw stems from inadequate security checks in specific modules of the application. Without prompt remediation, affected organizations are exposed to data breaches and unauthorized system modifications, so the vulnerability needs urgent attention to prevent exploitation and operational disruption.
Technically, the vulnerability lies in the handling of the usermail field. The endpoint ajax/ticket_user_db.php performs inadequate checks, so an attacker can change a user's usermail to an address they control and then trigger a password reset for that account. The missing input validation and authentication checks are what make this endpoint vulnerable: crafted HTTP requests are enough to take over an account, including administrative ones, compromising the integrity and security of the application.
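As an added illustration (not GestSup's code; all names here are hypothetical), the pattern behind the flaw described above next to one way to harden it: an e-mail update handler with no ownership check, and one that enforces authorization, validates the address, and stages the change until the new address is confirmed, so password resets keep going to the verified address in the meantime.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:
    user_id: int
    usermail: str
    role: str                             # "admin" or "user"
    pending_mail: Optional[str] = None    # new address awaiting confirmation


class AuthzError(Exception):
    pass


def update_usermail_vulnerable(actor: User, target: User, new_mail: str) -> None:
    # Mirrors the flaw: nothing checks that the caller owns the target account
    # or is an admin, and the live address is overwritten immediately.
    target.usermail = new_mail


def is_allowed_to_change(actor: User, target: User) -> bool:
    # Only the account owner or an administrator may change an e-mail address.
    return actor.user_id == target.user_id or actor.role == "admin"


def update_usermail_hardened(actor: User, target: User, new_mail: str) -> str:
    if not is_allowed_to_change(actor, target):
        raise AuthzError("not allowed to modify this account's e-mail")
    if "@" not in new_mail or any(c.isspace() for c in new_mail):
        raise ValueError("invalid e-mail address")
    # Stage the change instead of applying it; return the confirmation token
    # that would be mailed to the *new* address (constructed demo, no mail sent).
    target.pending_mail = new_mail
    return secrets.token_urlsafe(32)


def confirm_usermail(target: User, presented: str, expected: str) -> bool:
    # Apply the staged address only with a valid token (constant-time compare).
    if target.pending_mail is None or not secrets.compare_digest(presented, expected):
        return False
    target.usermail, target.pending_mail = target.pending_mail, None
    return True
```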
Exploitation of this vulnerability can have severe consequences for targeted organizations. An attacker with administrative control can manipulate system settings, access sensitive information, and disrupt service operations. Compromised support ticket data can breach client confidentiality, and the obtained access can serve as a foothold for further attacks. Unauthorized control of accounts therefore threatens not only data integrity but also business continuity, which makes addressing this vulnerability paramount to protecting enterprise operations from breaches and financial losses.