CVE-2021-47722
CSRF Vulnerability in Zucchetti Axess CLOKI Access Control
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zucchetti | axess_cloki_access_control | 1.63 |
| zucchetti | axess_cloki_access_control | 1.64 |
| zucchetti | axess_cloki_access_control | 1.54 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47722 is a Cross-Site Request Forgery (CSRF) vulnerability in Zucchetti Axess CLOKI Access Control version 1.64. It allows attackers to manipulate access control settings by tricking authenticated users into loading malicious web pages containing hidden forms. These forms send unauthorized HTTP requests to the device, enabling attackers to disable or modify access control parameters without user interaction or proper validation. This can lead to unauthorized administrative actions such as authentication bypass and password changes. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to gain unauthorized control over your access control system. Specifically, attackers can disable or alter access control settings, bypass authentication, and change administrative account passwords by exploiting the CSRF flaw. This could lead to unauthorized physical access to secured areas, compromising security and potentially causing operational disruptions. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the CLOKI Access Control web interface, specifically looking for unauthorized or suspicious POST requests to the redirect.cgi endpoint with parameters related to access control settings (e.g., flagAccessControlChanged, RAct, EnR, ExR, DenyRTout, DenyR, IType, E485, GType, TOO, TOC, TOOE, TOCE). Detection can involve capturing and analyzing web traffic for such requests, especially those originating from unexpected sources or without proper CSRF tokens. Since the vulnerability involves CSRF attacks, checking for the absence of CSRF tokens in requests and unusual changes in access control settings can help identify exploitation attempts. However, no specific commands are provided in the resources. [1, 3]
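The answer above names the indicators but gives no commands. The following is an added example, not part of this page or of any vendor or VulnCheck tooling, that turns those indicators into a small log scanner: it parses a constructed request log (the format is an assumption; a reverse proxy or WAF in front of the device would have to be configured to record the Referer header and the form body), keeps only POST requests to redirect.cgi that touch the access-control parameters listed above, and flags those whose Referer is absent or points at a host other than the device, with the absence of a token field noted separately. The device address 10.0.0.20, the token field name csrf_token and the sample log lines are all constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Access-control parameters the answer above names for the redirect.cgi endpoint.
ACCESS_CONTROL_PARAMS = frozenset({
    "flagAccessControlChanged", "RAct", "EnR", "ExR", "DenyRTout", "DenyR",
    "IType", "E485", "GType", "TOO", "TOC", "TOOE", "TOCE",
})
TARGET_PATH = "/redirect.cgi"
# Assumption: the field name a hardened deployment would use for its anti-CSRF
# token. The page names no such field, so this is a placeholder.
CSRF_TOKEN_PARAM = "csrf_token"

# Constructed log format (an assumption, not the device's own log):
#   <client ip> [<timestamp>] "<method> <target>" <status> "<referer>" "<form body>"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)" '
    r'(?P<status>\d{3}) "(?P<referer>[^"]*)" "(?P<body>[^"]*)"$'
)


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    # Merge query-string and form-body parameters so either carrier is covered.
    params = parse_qs(url.query, keep_blank_values=True)
    params.update(parse_qs(rec["body"], keep_blank_values=True))
    rec["path"] = url.path
    rec["params"] = params
    return rec


def assess(rec, device_hosts):
    """Return the CSRF indicators for one parsed request; an empty list means benign.

    Only state-changing POSTs to redirect.cgi that touch access-control
    parameters are considered. A Referer from anywhere other than the device
    itself, or no Referer at all, is the strongest sign that a page the user
    did not intend to act on submitted the form.
    """
    if rec["method"] != "POST" or rec["path"] != TARGET_PATH:
        return []
    if not ACCESS_CONTROL_PARAMS.intersection(rec["params"]):
        return []
    reasons = []
    referer_host = urlsplit(rec["referer"]).hostname if rec["referer"] else None
    if referer_host is None:
        reasons.append("no Referer on a state-changing POST")
    elif referer_host not in device_hosts:
        reasons.append(f"Referer host {referer_host!r} is not the device")
    if CSRF_TOKEN_PARAM not in rec["params"]:
        reasons.append(f"no {CSRF_TOKEN_PARAM} field in the request")
    return reasons


def detect_csrf_candidates(lines, device_hosts):
    """Scan log lines and return one finding per suspicious access-control change."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = assess(rec, device_hosts)
        if not reasons:
            continue
        # A foreign or absent Referer is the CSRF signal; a missing token alone
        # is expected on an unpatched device and is only worth noting.
        severity = "high" if any("Referer" in r for r in reasons) else "info"
        findings.append({
            "client": rec["client"],
            "time": rec["ts"],
            "params": sorted(ACCESS_CONTROL_PARAMS.intersection(rec["params"])),
            "reasons": reasons,
            "severity": severity,
        })
    return findings


# Constructed sample traffic; the device's web UI is assumed to live at 10.0.0.20.
SAMPLE_LOG = [
    '10.0.0.5 [23/Dec/2025:10:00:01 +0000] "GET /index.html" 200 "" ""',
    '10.0.0.5 [23/Dec/2025:10:00:05 +0000] "POST /redirect.cgi" 302 '
    '"http://10.0.0.20/settings.html" "flagAccessControlChanged=1&RAct=1&csrf_token=c0ffee"',
    '10.0.0.5 [23/Dec/2025:10:03:12 +0000] "POST /redirect.cgi" 302 '
    '"http://lure.example/win.html" "flagAccessControlChanged=1&DenyR=0&EnR=0"',
    '10.0.0.7 [23/Dec/2025:10:04:40 +0000] "POST /redirect.cgi" 302 "" "ExR=0&TOO=0"',
    '10.0.0.7 [23/Dec/2025:10:05:02 +0000] "POST /redirect.cgi" 302 '
    '"http://10.0.0.20/lang.html" "lang=en"',
    '10.0.0.9 [23/Dec/2025:10:06:30 +0000] "POST /redirect.cgi" 302 '
    '"http://10.0.0.20/settings.html" "TOC=30"',
]

if __name__ == "__main__":
    for f in detect_csrf_candidates(SAMPLE_LOG, {"10.0.0.20"}):
        print(f["severity"], f["client"], f["time"],
              ",".join(f["params"]), "|", "; ".join(f["reasons"]))
```

Run against the constructed sample, the two requests whose Referer is a foreign host or absent come out as high-severity findings, the request that carries a token from the device's own page is not reported, and the device-origin request without a token is reported at info level only. Referer checking is a heuristic: browsers and privacy extensions sometimes strip the header, so an absent Referer is a prompt to review the change against the device's own settings history rather than proof of exploitation.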
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the CLOKI Access Control web interface to trusted networks and users only, educating users to avoid visiting untrusted or suspicious websites while authenticated, and implementing network-level protections such as web application firewalls to detect and block CSRF attack patterns. Additionally, monitoring and logging administrative actions can help detect unauthorized changes. Since the vulnerability arises from missing CSRF protections, applying any available patches or updates from the vendor is recommended, although no official response or patch was noted. If patches are not available, consider isolating the affected devices or disabling web management interfaces until a fix is applied. [1, 2, 3]