A significant vulnerability has been discovered in perfSONAR versions 4.x up to 4.4.5, identified as CVE-2022-41413. perfSONAR is a popular network measurement toolkit that allows sysadmins and network operators to measure and troubleshoot performance issues in their networks. The vulnerability is a Cross-Site Request Forgery (CSRF) attack that occurs when an attacker is able to inject malicious input into the Search function of the perfSONAR web interface.

In this post, we will provide an in-depth analysis of this vulnerability, including the original references, code snippets, and exploit details. We will also discuss potential solutions and mitigations to protect your perfSONAR systems from being compromised.

Exploit Details

The CSRF vulnerability exists in the Search function of the perfSONAR web interface, allowing an attacker to inject malicious input. The attacker can then force the victim to perform unwanted actions, such as changing configuration settings, unknowingly running malicious tests, or even deleting important data.

Here is a code snippet showcasing the vulnerable part of the code in the Search function of perfSONAR:

from flask import Flask, request, render_template

app = Flask(__name__)

@app.route('/search', methods=['GET', 'POST'])
def search():
    if request.method == 'POST':
        # The query is taken straight from the POST body; nothing checks that the
        # request was submitted from perfSONAR's own form (no CSRF token is verified).
        query = request.form['query']
        # ...
        results = perform_search(query)
        return render_template('search.html', results=results)
    return render_template('search.html', results=[])

As seen in the code snippet above, the query parameter is read directly from user input via the request.form dictionary without any validation or sanitization of the request. Because of this, an attacker can simply craft a malicious link containing the targeted CSRF exploit and trick the user into clicking the link or visiting a website containing the exploit code.

For example, the attacker can create the following HTML form snippet:

<form action="http://perfsonar.example.com/search" method="POST" id="csrf_form">
    <input type="hidden" name="query" value="MALICIOUS_PAYLOAD" />
</form>
<script>
    document.getElementById('csrf_form').submit();
</script>

The vulnerability has been assigned the CVE identifier CVE-2022-41413 and reported by several security researchers and industry professionals. Here are some important references to learn more about this vulnerability:

1. CVE Details - CVE-2022-41413
2. perfSONAR Security Advisory - perfSONAR-SA-2022-01
3. National Vulnerability Database - CVE-2022-41413

To protect your perfSONAR systems from this CSRF vulnerability, you can follow these steps:

1. Update your perfSONAR installation to the latest version (v4.4.6 or higher) as soon as possible, as this version contains a fix for the vulnerability.
2. Enable CSRF protection on your perfSONAR system by deploying CSRF tokens and verifying their presence on form submissions.
3. Implement Content Security Policy (CSP) on your server to restrict cross-origin requests and reduce the attack surface.
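To make step 2 concrete, here is an added example (not perfSONAR's own code) of a session-bound synchronizer token guarding the search handler, written framework-free so it runs stand-alone: the request dict, session id, server secret, Origin check and search backend are all constructed stand-ins for the real framework objects.

```python
import hmac
import hashlib
import secrets
from typing import Dict, List, Optional, Tuple

# Hypothetical server-side secret; a real deployment loads it from configuration.
SERVER_SECRET = secrets.token_bytes(32)
SITE_ORIGIN = "https://perfsonar.example.com"  # constructed value


def issue_csrf_token(session_id: str) -> str:
    """Per-session token: HMAC(secret, session id), embedded in the UI's own search form.
    A form hosted on an attacker's site has no way to learn it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, presented: Optional[str]) -> bool:
    """Constant-time comparison of the submitted token with the expected one."""
    if not presented:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), presented)


def perform_search(query: str) -> List[str]:
    # Constructed stand-in for the real search backend.
    catalogue = ["lab-router-1", "lab-switch-2", "wan-probe-3"]
    return [host for host in catalogue if query in host]


def search(request: Dict, session_id: str) -> Tuple[int, object]:
    """Hardened handler returning (status, body). `request` is a plain dict
    {"method": ..., "form": {...}, "headers": {...}} standing in for the framework object."""
    if request["method"] != "POST":
        return 405, "method not allowed"
    # Defence in depth: browsers attach Origin to cross-site POSTs; reject foreign ones.
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    form = request["form"]
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        # An auto-submitting form like the one shown above cannot supply the token.
        return 403, "missing or invalid CSRF token"
    return 200, perform_search(form.get("query", ""))
```

In the real application the token would be rendered into the search template and read back from the session cookie's identifier rather than passed in as an argument.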

Conclusion

The CSRF vulnerability in perfSONAR v4.x <= v4.4.5 is a significant security risk that can cause unwanted actions and potential data loss for affected users. Sysadmins and network operators should take this vulnerability seriously and follow the mitigation steps outlined above to protect their systems against this attack. Stay up to date with the latest security alerts and patches to ensure the safety and stability of your network infrastructure.

Timeline

Published on: 11/30/2022 05:15:00 UTC
Last modified on: 04/03/2023 20:15:00 UTC