Platform: other
Component: zucchetti-axess-cloki-access-control
Fixed in: 1.64.1
CVE-2021-47722 describes a cross-site request forgery (CSRF) vulnerability present in Zucchetti Axess CLOKI Access Control version 1.64. This vulnerability allows an attacker to manipulate access control settings without requiring direct user interaction. The vulnerability affects version 1.64 and is fixed in version 1.64.1.
The CSRF vulnerability in Zucchetti Axess CLOKI Access Control allows attackers to perform actions on behalf of authenticated users. An attacker can craft malicious web pages containing hidden forms designed to modify or disable access control parameters. Successful exploitation could lead to unauthorized access to restricted areas, modification of user permissions, or even complete compromise of the access control system. This could result in significant disruption to operations and potential data breaches, depending on the sensitivity of the data managed by the access control system.
CVE-2021-47722 has a LOW CVSS score. Public proof-of-concept exploits are not currently known. The vulnerability was published on 2025-12-23. It is not currently listed on the CISA KEV catalog.
Organizations utilizing Zucchetti Axess CLOKI Access Control version 1.64, particularly those with sensitive data or critical infrastructure managed by the access control system, are at risk. Shared hosting environments where multiple users share the same CLOKI instance are also at increased risk.
Exploit status
EPSS: 0.01% (0% percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2021-47722 is to upgrade Zucchetti Axess CLOKI Access Control to version 1.64.1 or later. If an immediate upgrade is not feasible, consider temporary workarounds such as strict input validation on all access control modification endpoints. Additionally, enforce strong user authentication practices, including multi-factor authentication (MFA), to reduce the risk of account compromise. Review and restrict access control permissions to the minimum necessary level.
Upgrade Zucchetti Axess CLOKI Access Control to a fixed version to mitigate the risk of Cross-Site Request Forgery (CSRF). Check the vendor's documentation or website for information on available updates and installation instructions. Implement additional security measures, such as input validation and output encoding, to reduce the attack surface.
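As an interim control while the upgrade is pending, a filter in front of the web interface can refuse state-changing requests that do not come from the interface's own origin. The sketch below is an added example, not vendor code and not the fix shipped in 1.64.1; it uses a same-origin check rather than the input validation mentioned above, and the host name `cloki.example.internal` and all sample requests are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the application only changes state on non-safe methods.
# If it also changes state on GET, this filter does not cover those requests.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
DEFAULT_PORTS = {"http": 80, "https": 443}
TRUSTED = "https://cloki.example.internal"  # hypothetical management URL


def origin_tuple(url):
    """Normalise a URL to (scheme, host, port); None if not a usable http(s) URL."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers "Origin: null" and non-web schemes
    return (parts.scheme, parts.hostname, port or DEFAULT_PORTS[parts.scheme])


def allow_request(method, headers, trusted_origin=TRUSTED):
    """Return True if the request may be forwarded to the application."""
    if method.upper() in SAFE_METHODS:
        return True
    hdrs = {k.lower(): v for k, v in headers.items()}
    # Prefer Origin; fall back to Referer only when Origin is absent.
    source = hdrs.get("origin") or hdrs.get("referer")
    if not source:
        return False  # fail closed: a write with no provenance is rejected
    trusted = origin_tuple(trusted_origin)
    return trusted is not None and origin_tuple(source) == trusted


# Constructed sample requests: (method, headers, expected decision)
SAMPLES = [
    ("POST", {"Origin": "https://cloki.example.internal"}, True),
    ("POST", {"Referer": "https://cloki.example.internal:443/settings"}, True),
    ("POST", {"Origin": "https://attacker.example"}, False),
    ("POST", {"Origin": "https://cloki.example.internal.attacker.example"}, False),
    ("POST", {"Origin": "null", "Referer": "https://cloki.example.internal/"}, False),
    ("POST", {}, False),
    ("GET", {"Referer": "https://attacker.example/"}, True),
]

if __name__ == "__main__":
    for method, headers, expected in SAMPLES:
        verdict = "allow" if allow_request(method, headers) else "block"
        print(f"{verdict:5} {method:4} {headers}")
```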
CVE-2021-47722 is a cross-site request forgery vulnerability affecting Zucchetti Axess CLOKI Access Control version 1.64, allowing attackers to manipulate access control settings without user interaction.
If you are using Zucchetti Axess CLOKI Access Control version 1.64, you are potentially affected by this vulnerability. Upgrade to version 1.64.1 or later to mitigate the risk.
The recommended fix is to upgrade to Zucchetti Axess CLOKI Access Control version 1.64.1 or a later version that addresses this vulnerability.
Currently, there are no confirmed reports of active exploitation of CVE-2021-47722, but it is crucial to apply the patch to prevent potential future attacks.
Please refer to the official Zucchetti advisory for detailed information and updates regarding CVE-2021-47722 and the available patch.