CVE-2020-37144
Unknown Unknown - Not Provided

CSRF in Exagate SYSGuard 6001 Enables Unauthorized Admin Creation

Vulnerability report for CVE-2020-37144, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-05

Last updated on: 2026-02-05

Assigner: VulnCheck

Description

Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without the victim's consent.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-05
Last Modified
2026-02-05
Generated
2026-07-06
AI Q&A
2026-02-05
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
exagate sysguard 6001

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "The vulnerability is a Cross-Site Request Forgery (CSRF) in Exagate SYSGuard 6001. It allows attackers to create unauthorized administrative accounts by tricking users into submitting a malicious HTML form. This form sends a crafted POST request to the /kulyon.php endpoint, which adds a new user with administrative privileges without the victim's consent."}, {'type': 'paragraph', 'content': 'The attacker exploits the CSRF flaw by embedding hidden fields in the form that specify the username, password, and privilege level for the new admin user. When the victim unknowingly submits this form, the attacker gains administrative access to the system.'}] [2]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can lead to unauthorized administrative access to the SYSGuard 6001 system. An attacker can add a new admin user without authorization, potentially allowing them to control, manipulate, or disrupt the system's operations."}, {'type': 'paragraph', 'content': 'Such unauthorized access could compromise the security and integrity of the monitored infrastructure, leading to potential data manipulation, loss of control over environmental monitoring, and increased risk of further attacks.'}] [2]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for unauthorized POST requests to the /kulyon.php endpoint that attempt to create new administrative users. Specifically, look for HTTP POST requests containing parameters that add a user with administrative privileges.'}, {'type': 'paragraph', 'content': 'You can use network monitoring tools or web server logs to detect suspicious activity. For example, using command-line tools like curl or tcpdump to inspect traffic or grep to search logs for POST requests to /kulyon.php.'}, {'type': 'list_item', 'content': "Check web server access logs for POST requests to /kulyon.php: grep 'POST /kulyon.php' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': "Use tcpdump to capture HTTP POST traffic to the vulnerable endpoint: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/kulyon.php'"}, {'type': 'list_item', 'content': 'Use curl to test the vulnerability by submitting a crafted POST request similar to the exploit form.'}] [2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the /kulyon.php endpoint to trusted users only and implementing CSRF protection mechanisms such as tokens to prevent unauthorized form submissions.

Additionally, monitor and audit user account creation activities to detect any unauthorized administrative accounts.

If possible, update or patch the SYSGuard 6001 software to a version that addresses this vulnerability or contact the vendor for security updates.

As a temporary measure, consider disabling the vulnerable functionality or restricting HTTP methods to prevent POST requests to the vulnerable script.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37144. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart