VYPR
Medium severity (5.3) · NVD Advisory · Published Feb 5, 2026 · Updated Apr 15, 2026

CVE-2020-37144

Description

Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without the victim's consent.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2020-37144 is a CSRF in Exagate SYSGuard 6001 allowing attackers to create admin accounts via a crafted form to /kulyon.php.

The vulnerability is a cross-site request forgery (CSRF) in the Exagate SYSGuard 6001 environmental monitoring appliance. The application fails to implement any anti-CSRF tokens or protection mechanisms in its administrative interface, specifically in the user management functionality. The endpoint /kulyon.php accepts POST requests to add new users without verifying the origin of the request, making it susceptible to CSRF attacks [3].

To exploit this, an attacker crafts an HTML form that submits a POST request to the target device at /kulyon.php with parameters for username, password, privilege level (set to 0 for admin), and a button value ("Ekle"). The attacker then lures an authenticated administrator into viewing a page containing this form, which is submitted automatically via JavaScript or by a user click. The request is processed as if it came from the legitimate admin, creating a new user account with administrative privileges [3]. No authentication is bypassed; the attack relies on the victim's existing session.

Successful exploitation allows an attacker to gain unauthorized administrative access to the SYSGuard 6001 device. With admin privileges, the attacker can modify system configurations, access sensitive environmental monitoring data, and potentially pivot to other network resources managed by the appliance. The CSRF attack can be performed remotely if the attacker can induce an admin to visit a malicious page while logged into the device.

Exagate has not released a security advisory or patch for this issue; the product may be end-of-life, as the vendor's website no longer lists the SYSGuard 6001 [1]. The exploit was publicly disclosed via Exploit-DB in August 2019 [3]. As no official fix exists, mitigations include deploying a web application firewall, enforcing same-origin policy, and restricting access to the administrative interface to trusted networks only.
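The defect described above is the absence of any server-side check that a state-changing request actually originated from the application's own pages. The following is an added example (not code from Exagate, the SYSGuard product, or this advisory) showing what the user-add handler should do instead: bind a synchronizer token to the session, compare it in constant time, and verify the Origin header (with Referer as fallback) against an allowlist. The handler names, the trusted origin `https://sysguard.example.internal`, and the request dictionaries are all constructed assumptions; the unprotected handler is included only so the contrast between the two is visible on realistic input.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Assumption: the appliance's admin UI is only ever served from this origin.
TRUSTED_ORIGINS = {"https://sysguard.example.internal"}


def issue_csrf_token(session: dict) -> str:
    """Synchronizer token pattern: store a fresh random token in the server-side
    session and return it so the admin page can embed it in its forms."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def origin_allowed(headers: dict) -> bool:
    """Accept the request only if Origin (or, failing that, Referer) names a
    trusted origin. A state-changing request with neither header is rejected."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parsed = urlparse(referer)
        origin = f"{parsed.scheme}://{parsed.netloc}"
    return origin in TRUSTED_ORIGINS


def handle_add_user_unprotected(session: dict, headers: dict, form: dict) -> tuple:
    """Hypothetical equivalent of the vulnerable behaviour: only the session
    cookie is checked, so a cross-site form submitted by a logged-in admin
    is processed exactly like a legitimate one."""
    if not session.get("authenticated"):
        return 401, "login required"
    users = session.setdefault("users", {})
    users[form["username"]] = {"privilege": int(form.get("privilege", 1))}
    return 200, f"user {form['username']} created"


def handle_add_user(session: dict, headers: dict, form: dict) -> tuple:
    """Hardened handler: session auth, then origin allowlist, then CSRF token."""
    if not session.get("authenticated"):
        return 401, "login required"
    if not origin_allowed(headers):
        return 403, "cross-origin request rejected"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # compare_digest avoids leaking the token through timing differences.
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token"
    users = session.setdefault("users", {})
    users[form["username"]] = {"privilege": int(form.get("privilege", 1))}
    return 200, f"user {form['username']} created"


if __name__ == "__main__":
    # Constructed requests: one from the real admin page carrying the token,
    # one submitted from an unrelated site while the same session is active.
    session = {"authenticated": True}
    token = issue_csrf_token(session)
    same_site = (
        {"Origin": "https://sysguard.example.internal"},
        {"username": "ops", "password": "x", "privilege": "0", "csrf_token": token},
    )
    cross_site = (
        {"Origin": "https://other-site.example"},
        {"username": "extra", "password": "x", "privilege": "0"},
    )
    print("unprotected, cross-site:", handle_add_user_unprotected(session, *cross_site))
    print("hardened,    cross-site:", handle_add_user(session, *cross_site))
    print("hardened,    same-site: ", handle_add_user(session, *same_site))
```

Checking the origin before the token matters on its own: a browser that sends no Origin or Referer on a cross-site POST is treated as untrusted rather than given the benefit of the doubt, and the token check then catches any request that passed the first filter but was not produced by the server's own form.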

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0

No linked articles in our index yet.