MeshCentral Users Beware of Cross-Site WebSocket Hijacking Vulnerability

CVE: CVE-2024-26135
CVSS v3.1: 8.4
Source: CVE-2024-26135

MeshCentral, a popular computer management tool, was affected by a cross-site WebSocket hijacking (CSWSH) vulnerability in versions prior to 1.1.21. CSWSH allows an attacker to hijack WebSocket connections between a victim's browser and a server without the victim's knowledge.

The vulnerability resided in MeshCentral's control.ashx endpoint, which is used to perform administrative actions on the server. Attackers could exploit it by tricking a user into visiting a malicious website that runs client-side JavaScript. From the victim's browser, that code would open a WebSocket to the control endpoint pretending to be the victim, allowing the attacker to access the victim's MeshCentral account without authentication.

CSWSH works because a WebSocket is set up by an HTTP handshake to which the browser attaches the victim's cookies, and browsers do not apply the same-origin policy to that handshake; unless the server checks the Origin header, a page on any other site can open the connection. Because the socket then stays open, rather than each request being re-issued as with regular HTTP, the attacker's page can keep masquerading as the victim over it. This poses serious risks such as taking control of managed devices or viewing and changing account settings.

The good news is that MeshCentral has released version 1.1.21 with a fix for this issue. All users are advised to update immediately. Also, be cautious of unfamiliar links and make sure you are on the legitimate MeshCentral site when accessing your account. Staying on top of software updates helps shield us from vulnerabilities like this.
