VYPR
Unrated severity · NVD Advisory · Published May 5, 2020 · Updated Aug 4, 2024

CVE-2020-5517

Description

CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

BlueOnyx 5209R served its /login page without CSRF protection, so the login form could be submitted by a request originating from a site the attacker controls; NVD describes the outcome as the attacker gaining access to the dashboard for scraping or other analysis.

Vulnerability

The /login URI in BlueOnyx 5209R lacked Cross-Site Request Forgery (CSRF) protection: nothing tied a submitted login form to a page the server had actually rendered, so a request crafted on another origin and triggered in a user's browser was processed exactly like a legitimate login. NVD lists only 5209R, but the vendor's fix [1] was issued for both 5209R and 5210R, and both lacked the protection before the YUM updates released in November 2020.

Exploitation

An attacker delivers a link, or any web page carrying a hidden auto-submitting form, to a user of the BlueOnyx GUI. Because /login does not require a token, the user's browser can be made to POST the login form with attacker-supplied values and the server accepts it. NVD frames the result as the attacker gaining access to the dashboard and performing scraping or other analysis, without spelling out the full flow; the classic consequence of a login form that accepts cross-site submissions is login CSRF, in which the victim's browser is logged into a session under attacker-chosen credentials rather than the attacker taking over the victim's existing session. No privileged network position is required beyond the ability to get the malicious page in front of the victim.

Impact

Successful exploitation lets the attacker drive a login from the victim's browser; NVD summarises the outcome as access to the dashboard for scraping or other analysis. What the attacker then learns is bounded by what that forged session exposes. The advisory does not claim that the victim's own credentials or an existing administrator session are obtained, and CSRF against a login endpoint does not by itself yield either, so the impact should not be read as a full takeover of the victim's account. NVD assigns no severity score to this entry.

Mitigation

BlueOnyx released YUM updates for versions 5209R and 5210R in November 2020 that enable CSRF protection by default [1]. The update inserts a hidden CSRF token into every GUI page, the login page included, and rejects form submissions whose token is missing, invalid, or older than a configurable expiry (default 7200 seconds). No workaround is given; applying the update is the only mitigation. After updating, confirm the fix is live by fetching /login and checking that the rendered form now carries the hidden token field and that a POST without it is rejected. Covering the login page and not only authenticated pages is the important part of the fix: a token scheme that starts at login cannot rely on a session existing yet, which is why the login page itself has to be protected.
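The before-and-after behaviour described under Exploitation and Mitigation, as an added example in Python. This is not BlueOnyx code and does not reproduce the vendor's implementation: it shows a login handler that accepts any POST beside one that requires the hidden, time-limited token the fix introduces, and runs a forged cross-site submission, a legitimate one and a stale one against both. The HMAC-signed token format, the form field names, the toy credential store and the reuse of the 7200-second default are assumptions made for the example.

```python
"""Added example (not BlueOnyx code): a hidden, time-limited CSRF token for a
login form, modelled on the mitigation described in the advisory.  The HMAC
construction, the field names and the toy credential store are assumptions."""
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 7200  # seconds; reuses the default expiry quoted for the vendor fix

# Constructed credential store for the demo; a real GUI consults its own backend.
USERS = {"admin": "correct horse battery staple"}


def check_credentials(username, password):
    """Constant-time password check against the toy store above."""
    expected = USERS.get(username)
    if expected is None or password is None:
        return False
    return hmac.compare_digest(expected.encode(), str(password).encode())


class CsrfGuard:
    """Issues and verifies tokens of the form '<timestamp>:<nonce>:<hmac>'.

    The token is signed with a server-side secret rather than stored in a
    session because the login page must be protected before any session
    exists.  The embedded timestamp bounds its lifetime to `ttl` seconds."""

    def __init__(self, secret, ttl=TOKEN_TTL):
        self.secret = secret
        self.ttl = ttl

    def _mac(self, payload):
        return hmac.new(self.secret, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, now=None):
        """Return a fresh token to embed as a hidden field when rendering /login."""
        ts = int(time.time()) if now is None else int(now)
        payload = f"{ts}:{secrets.token_hex(8)}"
        return f"{payload}:{self._mac(payload)}"

    def verify(self, token, now=None):
        """True only if the token is well-formed, authentic and not older than ttl."""
        now = int(time.time()) if now is None else int(now)
        try:
            ts_text, nonce, mac = token.split(":")
            ts = int(ts_text)
        except (AttributeError, ValueError):
            return False  # field missing, wrong shape, or non-numeric timestamp
        if not hmac.compare_digest(mac.encode(), self._mac(f"{ts}:{nonce}").encode()):
            return False  # forged or tampered (wrong secret, edited fields)
        age = now - ts
        return 0 <= age <= self.ttl  # reject expired tokens and future-dated ones


def vulnerable_login(form):
    """Before the fix: any POST carrying valid credentials starts a session,
    regardless of which site's page submitted it."""
    return check_credentials(form.get("username"), form.get("password"))


def hardened_login(form, guard, now=None):
    """After the fix: the hidden token is checked before credentials are looked at,
    so a form submitted from another origin (which cannot obtain a valid token) fails."""
    if not guard.verify(form.get("csrf_token"), now):
        return False
    return check_credentials(form.get("username"), form.get("password"))


def demo(now=1_700_000_000):
    """Run forged, legitimate and stale submissions against both handlers."""
    guard = CsrfGuard(b"server-side secret, rotated out of band", ttl=TOKEN_TTL)
    creds = {"username": "admin", "password": "correct horse battery staple"}
    forged = dict(creds)                              # what an attacker's hidden form can send
    legit = dict(creds, csrf_token=guard.issue(now))  # what the real /login page sends
    return {
        "forged_vs_vulnerable": vulnerable_login(forged),
        "forged_vs_hardened": hardened_login(forged, guard, now),
        "legit_vs_hardened": hardened_login(legit, guard, now),
        "stale_vs_hardened": hardened_login(legit, guard, now + TOKEN_TTL + 1),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:22s} accepted={accepted}")
```

Two design points worth noting. The token is signed rather than looked up in a session because, on a login page, there is no session yet; once the user is logged in, tokens for authenticated actions should additionally be bound to that session (or rotated at login) so a token minted for the login page cannot be replayed later. SameSite cookie attributes, often cited as CSRF defence-in-depth, do not help with the login CSRF case, since the forged login request carries no cookie to withhold; checking the Origin or Referer header on POSTs is the complementary control that does apply here.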

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)


References: 3

News mentions: 0 (no linked articles in our index yet)