CVE-2021-47722 - Vulnerability Details

Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking authenticated users into loading the page.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Zucchetti	Axess Cloki Access Control

No data.

References

Link	Providers
https://www.axesstmc.com
https://www.exploit-db.com/exploits/50595
https://www.vulncheck.com/advisories/zucchetti-axess-cloki-access-control-cross-site-request-forgery
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5689.php

History

Wed, 24 Dec 2025 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zucchetti Zucchetti axess Cloki Access Control
Vendors & Products		Zucchetti Zucchetti axess Cloki Access Control

Tue, 23 Dec 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 23 Dec 2025 19:45:00 +0000

Type	Values Removed	Values Added
Description		Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking authenticated users into loading the page.
Title		Zucchetti Axess CLOKI Access Control 1.64 Cross-Site Request Forgery
Weaknesses		CWE-352
References		https://www.axesstmc.com https://www.exploit-db.com/exploits/50595 https://www.vulncheck.com/advisories/zucchetti-axess-cloki-access-control-cross-site-request-forgery https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5689.php
Metrics		cvssV3_1 `{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-23T19:34:07.307Z

Updated: 2025-12-23T20:05:03.518Z

Reserved: 2025-12-07T14:25:05.584Z

Link: CVE-2021-47722

Vulnrichment

Updated: 2025-12-23T20:04:53.675Z

NVD

Status : Received

Published: 2025-12-23T20:15:44.660

Modified: 2025-12-23T20:15:44.660

Link: CVE-2021-47722

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object