Platform: other
Component: zucchetti-axess-cloki-access-control
Fixed in: 1.64.1
CVE-2021-47722 is a cross-site request forgery (CSRF) vulnerability in Zucchetti Axess CLOKI Access Control version 1.64. It allows an attacker to manipulate access control settings without requiring direct user interaction. Version 1.64 is affected, and the issue is resolved in version 1.64.1.
The CSRF vulnerability in Zucchetti Axess CLOKI Access Control allows attackers to perform actions on behalf of authenticated users. An attacker can craft malicious web pages containing hidden forms designed to modify or disable access control parameters. Successful exploitation could lead to unauthorized access to restricted areas, modification of user permissions, or even complete compromise of the access control system. This could result in significant disruption to operations and potential data breaches, depending on the sensitivity of the data managed by the access control system.
CVE-2021-47722 has a LOW CVSS score. Public proof-of-concept exploits are not currently known. The vulnerability was published on 2025-12-23. It is not currently listed on the CISA KEV catalog.
EPSS: 0.01% (0% percentile)
The primary mitigation for CVE-2021-47722 is to upgrade Zucchetti Axess CLOKI Access Control to version 1.64.1 or later. If an immediate upgrade is not feasible, consider temporary workarounds such as strict input validation on all access control modification endpoints. Additionally, enforce strong user authentication practices, including multi-factor authentication (MFA), to reduce the risk of account compromise. Review and restrict access control permissions to the minimum necessary level.
Update Zucchetti Axess CLOKI Access Control to a patched version to mitigate the risk of Cross-Site Request Forgery (CSRF). Check the vendor's documentation or website for information on available updates and installation instructions. Implement additional security measures, such as input validation and output encoding, to reduce the attack surface.
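Where an immediate upgrade is not feasible, a reverse proxy in front of the controller can refuse state-changing requests that the browser reports as coming from another origin. The following is an added example, not Zucchetti's fix or code from this advisory; the host name, the trusted-origin set and the `allow_request` function are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the web interface only changes state on non-safe methods.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def _origin_of(url):
    """Return scheme://host[:port] of an absolute URL, else None."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None  # covers the literal Origin value "null"
    return f"{parts.scheme}://{parts.netloc}".lower()

def allow_request(method, headers, trusted_origins):
    """Return (allowed, reason) for a request about to be forwarded."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}
    # Sec-Fetch-Site is set by the browser and cannot be altered by page script.
    if h.get("sec-fetch-site") in ("cross-site", "same-site"):
        return False, "Sec-Fetch-Site reports a cross-origin request"
    source = h.get("origin") or h.get("referer")
    if source is None:
        # Fail closed: a form submission without either header is not trusted.
        return False, "no Origin or Referer on a state-changing request"
    origin = _origin_of(source)
    if origin is None or origin not in trusted_origins:
        return False, f"untrusted source {source!r}"
    return True, "same-origin"

# Constructed sample requests; the host names are placeholders.
TRUSTED = {"https://cloki.example.internal"}
SAMPLES = [
    ("POST", {"Origin": "https://cloki.example.internal"}),
    ("POST", {"Origin": "https://attacker.example", "Sec-Fetch-Site": "cross-site"}),
    ("POST", {"Referer": "https://attacker.example/page.html"}),
    ("POST", {"Origin": "null"}),
    ("POST", {}),
    ("GET", {"Referer": "https://attacker.example/"}),
]

if __name__ == "__main__":
    for method, headers in SAMPLES:
        print(method, headers, "->", allow_request(method, headers, TRUSTED))
```

This check is a stopgap for unpatched installations and does not replace the upgrade to 1.64.1; it offers no protection if the interface changes settings in response to GET requests.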
CVE-2021-47722 is a cross-site request forgery vulnerability affecting Zucchetti Axess CLOKI Access Control version 1.64, allowing attackers to manipulate access control settings without user interaction.
If you are using Zucchetti Axess CLOKI Access Control version 1.64, you are potentially affected by this vulnerability. Upgrade to version 1.64.1 or later to mitigate the risk.
The recommended fix is to upgrade to Zucchetti Axess CLOKI Access Control version 1.64.1 or a later version that addresses this vulnerability.
Currently, there are no confirmed reports of active exploitation of CVE-2021-47722, but it is crucial to apply the patch to prevent potential future attacks.
Please refer to the official Zucchetti advisory for detailed information and updates regarding CVE-2021-47722 and the available patch.