6001.0.1
CVE-2020-37144 describes a cross-site request forgery (XSRF) vulnerability in Exagate SYSGuard 6001. The flaw lets an attacker create new administrative accounts without the user's consent by tricking an authenticated user into submitting a malicious form. It affects SYSGuard version 6001–6001, and applying a fix is currently recommended.
The primary impact of this XSRF vulnerability is the unauthorized creation of administrative accounts. An attacker could craft a malicious HTML form, hosted on a different domain, and entice a legitimate user of Exagate SYSGuard 6001 to submit it. Upon submission, the attacker gains the ability to create a new user account with administrative privileges, effectively compromising the system. This could lead to complete control over the SYSGuard instance, including data access, configuration changes, and potentially lateral movement within the network if SYSGuard has access to other resources. The blast radius extends to any data managed by the SYSGuard system, and the attacker could leverage the administrative account to install malware or further compromise the environment.
CVE-2020-37144 was publicly disclosed on 2026-02-05. There is no indication of this vulnerability being actively exploited in the wild at this time. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog.
Organizations utilizing Exagate SYSGuard 6001 version 6001–6001 are at risk, particularly those with users who frequently interact with the system's administrative interface. Shared hosting environments where multiple users share the same SYSGuard instance are also at heightened risk, as an attacker could potentially target any user to gain administrative access.
• php / web:
  curl -X POST -d "param1=value1&admin=true" https://target/kulyon.php 2>&1 | grep -i "user created"
• generic web:
  curl -I https://target/kulyon.php | grep -i "content-type: application/x-www-form-urlencoded"
Exploitation status
EPSS
0.01% (1st percentile)
CISA SSVC
CVSS vector
The recommended mitigation for CVE-2020-37144 is to upgrade to a patched version of Exagate SYSGuard 6001 when available. In the absence of a patch, implementing a Web Application Firewall (WAF) with XSRF protection rules is crucial. These rules should validate the origin of requests to /kulyon.php and reject those originating from untrusted domains. Additionally, consider implementing stricter input validation and output encoding on the /kulyon.php endpoint to prevent malicious data from being processed. After implementing WAF rules, verify their effectiveness by attempting to submit a crafted XSRF request and confirming that it is blocked.
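The origin check described above is easy to get subtly wrong (an absent Origin header must be treated as untrusted, and the check must apply to every state-changing method, not just POST), and a WAF rule alone does not replace an application-level anti-CSRF token. The following Python is an added illustration written for this page, not code from Exagate or from SYSGuard: it models the two layers as pure functions over a request's method, headers and form fields, with the allowed hostname and the request samples being constructed assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hosts allowed to originate state-changing requests.
# Constructed for this example; substitute the real SYSGuard hostname(s).
ALLOWED_HOSTS = {"sysguard.example.internal"}

# Methods that can change state and therefore need CSRF protection.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _host_of(url):
    """Return the lower-cased hostname of an http(s) URL, or None if unparsable
    (covers the literal value "null" that browsers send for opaque origins)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


def origin_is_trusted(headers, allowed_hosts=ALLOWED_HOSTS):
    """Layer 1 (WAF-style rule): the Origin header, or failing that the Referer,
    must name an allowed host. A state-changing request carrying neither header
    is rejected; browsers send Origin on cross-site form POSTs, so an absent
    value is what a stripped or forged request looks like, not a normal one.
    Header names are assumed to be already canonicalised (e.g. "Origin")."""
    origin = headers.get("Origin")
    if origin:
        return _host_of(origin) in allowed_hosts
    referer = headers.get("Referer")
    if referer:
        return _host_of(referer) in allowed_hosts
    return False


def issue_csrf_token(session):
    """Bind a fresh random token to the server-side session (synchronizer token)
    and return it so the server can render it into the admin form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_token_is_valid(session, form):
    """Layer 2 (application-level): the token submitted with the form must match
    the one stored in the session; the comparison is constant-time."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def allow_request(method, headers, form, session):
    """Decision for one request: safe methods pass, state-changing requests need
    both a trusted origin and a valid synchronizer token."""
    if method.upper() not in STATE_CHANGING:
        return True
    return origin_is_trusted(headers) and csrf_token_is_valid(session, form)


def demo():
    """Constructed requests: a cross-site account-creation POST as a browser
    would send it from a third-party page, and the legitimate admin form."""
    session = {}
    token = issue_csrf_token(session)
    cross_site = allow_request(
        "POST",
        {"Origin": "https://evil.example", "Referer": "https://evil.example/page.html"},
        {"username": "newadmin", "admin": "true"},
        session,
    )
    same_site = allow_request(
        "POST",
        {"Origin": "https://sysguard.example.internal"},
        {"username": "newadmin", "csrf_token": token},
        session,
    )
    return cross_site, same_site


if __name__ == "__main__":
    print(demo())
```

The WAF layer is the stopgap the text recommends while no patch exists; the token layer is what the patched application itself should do, because origin headers can be absent or policy-stripped and a WAF cannot see the session. Checking the Referer only as a fallback keeps the rule useful for clients that omit Origin without letting a missing header pass.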
Upgrade to the latest available version of Exagate SYSGuard 6001 to mitigate this vulnerability. Consult Exagate's official documentation for specific upgrade instructions and additional security measures. Apply protections such as input validation and output encoding to prevent XSS and CSRF attacks.
CVE-2020-37144 is a cross-site request forgery (XSRF) vulnerability in Exagate SYSGuard 6001 version 6001–6001, allowing attackers to create unauthorized admin accounts.
If you are using Exagate SYSGuard 6001 version 6001–6001, you are potentially affected by this vulnerability. Upgrade or implement WAF rules to mitigate the risk.
The recommended fix is to upgrade to a patched version of Exagate SYSGuard 6001. If a patch is unavailable, implement WAF rules to protect against XSRF attacks.
There is currently no evidence of CVE-2020-37144 being actively exploited in the wild.
Please refer to the Exagate website or contact their support for the official advisory regarding CVE-2020-37144.