CVE-2022-24259: Unauthenticated Privilege Escalation in Voipmonitor GUI Before v24.96

A recently discovered security vulnerability, CVE-2022-24259, is making waves in the world of VOIP. This vulnerability exists in the cdr.php component of Voipmonitor GUI before version 24.96. The flaw arises from an incorrect check, which, if exploited, allows unauthenticated attackers to escalate their privileges through a specially crafted request.

In this post, we'll go over the key elements of this vulnerability, including an overview of Voipmonitor GUI, the details of CVE-2022-24259, a code snippet demonstrating the issue, and some pointers on how to remediate or mitigate the risk.

What is Voipmonitor GUI?
Voipmonitor is a comprehensive, open-source network packet sniffer tool that captures and analyzes SIP and RTP packets. The Voipmonitor GUI provides an intuitive graphical interface for managing, visualizing, and reporting on the collected data for IT administrators and other authorized users.

CVE-2022-24259: The Vulnerability Explained
The vulnerability, CVE-2022-24259, stems from an incorrect check in the cdr.php component of the Voipmonitor GUI. The affected code snippet is given below:

if($user_account!=null) {
  $old_account_id = $user_account->getId();
  $new_account_id = isset($_POST['account_id']) ? intval($_POST['account_id']) : ;

...
}

The problem lies in the usage of the null check for $user_account. This check allows unauthenticated users to create a crafted request with a carefully chosen 'account_id' parameter, thereby escalating their privileges.

Here's an example payload

POST /cdr.php HTTP/1.1
Host: target-host
Content-Length: 15

account_id=12345

By sending a request like the one above, an attacker could potentially change the account ID in the Voipmonitor system, gaining access and control over sensitive information.

Original References and Resources
The details concerning this vulnerability were made public by security researchers. You can find more information about the original discovery and the associated proof-of-concept exploit by visiting the following links:

- Official CVE Record
- National Vulnerability Database (NVD) Summary
- Voipmonitor Changelog

Remediation or Mitigation Measures
To fix this vulnerability and protect your Voipmonitor GUI installation from potential exploits, you should take the following steps:

Upgrade your Voipmonitor GUI to version 24.96 or later if you haven't done so already.

2. Restrict access to the Voipmonitor GUI by using network-level access controls, such as firewalls, IP whitelisting, or VPNs, ensuring only authorized users can access it.
3. Regularly review your Voipmonitor GUI logs to check for any suspicious activity, such as unauthorized access attempts or unexpected changes to account settings.

Conclusion
CVE-2022-24259 poses a significant risk to Voipmonitor GUI installations, and organizations should act swiftly to apply appropriate remediation or mitigation measures. By keeping your software up to date and maintaining strict access controls, you can reduce the chances of falling victim to a successful exploit.

Stay vigilant, stay aware, and keep your Voipmonitor GUI secure!

Timeline

Published on: 02/04/2022 17:15:00 UTC
Last modified on: 04/12/2022 16:07:00 UTC