1. What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2024-49706, is an Open Redirect flaw found in the "Internet Starter" module, which is part of the SoftCOM iKSORIS system. It matters because Open Redirect vulnerabilities can be leveraged by attackers for various malicious purposes, including phishing attacks, credential theft, and bypassing security mechanisms. By redirecting users to arbitrary malicious websites, attackers can deceive users into revealing sensitive information or downloading malware.
2. What are the CVSS score, severity level, and disclosure details?
The CVSS score for this vulnerability is 6.1. This score typically places it at a Medium severity level. The vulnerability was published on 2025-04-14 at 12:05:50 UTC and last modified on 2025-04-14 at 12:53:15 UTC.
3. Which products, vendors, systems, and versions are affected?
- Vendor: SoftCOM
- System: iKSORIS system
- Product/Module: Internet Starter
- Affected Versions: All versions prior to 79.0 are vulnerable.
4. What is the technical root cause and attack vector?
The technical root cause of this vulnerability is improper input validation. Specifically, the "Internet Starter" module fails to adequately sanitize or validate the 'target' parameter when processing POST requests to certain endpoints. This allows an attacker to supply a base64-encoded URL, which the system decodes and uses as a redirect destination without checking that it points back to the application. The attack vector involves an attacker crafting a malicious POST request containing a base64-encoded URL in the 'target' parameter and inducing a victim to interact with it, leading to an arbitrary redirection.
5. How can this vulnerability be exploited?
An attacker can exploit this vulnerability by:
- Crafting a specially designed POST request that includes a base64-encoded malicious URL in the 'target' parameter.
- Sending this crafted request to one of the vulnerable endpoints within the "Internet Starter" module of the SoftCOM iKSORIS system.
- Enticing a victim, through social engineering or other means (e.g., a malicious link in an email or on a website), to trigger this POST request or click on a link that initiates it.
- Upon interaction, the victim's browser is redirected to the attacker-controlled URL decoded from the 'target' value, which could host phishing pages, malware, or other malicious content.
6. What mitigation steps and patches are available?
The primary mitigation step and patch available is to update the SoftCOM iKSORIS system's "Internet Starter" module to version 79.0 or later. This version includes the necessary fix to address the Open Redirect vulnerability. Organizations should apply this update immediately to protect against potential exploitation.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by identifying the version of the "Internet Starter" module installed within the SoftCOM iKSORIS system. Any installation running a version prior to 79.0 is considered vulnerable to CVE-2024-49706. System administrators should check their software inventory and configuration details to ascertain the installed version.
8. What are the indicators of compromise (IOCs)?
Based on the provided CVE data, specific indicators of compromise (IOCs) such as malicious file hashes, IP addresses, or domain names are not available. However, potential IOCs could include:
- Logs showing unusual POST requests to iKSORIS endpoints with base64-encoded URLs in the 'target' parameter, particularly values that decode to hosts outside the organization's own domains.
- User reports of unexpected redirections to suspicious websites after interacting with links related to the iKSORIS system.
- Presence of phishing attempts or malware infections linked to redirections from the iKSORIS system's legitimate domain.
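The two defender-side pieces above, the same-site check a fixed redirect handler should apply (section 6) and a log sweep for 'target' values that decode to off-site URLs (section 8), combined in one added example. This is illustrative code written for this page, not SoftCOM's implementation; the trusted hostname, the endpoint paths and the log line format are all assumptions, and the log lines are constructed.

```python
import base64
import binascii
from urllib.parse import urlsplit

# Assumption: the hostnames the iKSORIS portal legitimately serves; anything else is off-site.
TRUSTED_HOSTS = {"portal.isp.example"}

def decode_target(raw):
    """Decode a base64 'target' value; return None when it is not valid base64."""
    try:
        padded = raw + "=" * (-len(raw) % 4)          # tolerate stripped padding
        return base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def is_safe_target(decoded):
    """The check a fixed redirect should apply: same-site path or trusted absolute URL."""
    parts = urlsplit(decoded)
    if not parts.scheme and not parts.netloc:
        # Plain relative path; reject protocol-relative '//host' and '/\host' variants.
        return decoded.startswith("/") and not decoded.startswith(("//", "/\\"))
    return parts.scheme in ("http", "https") and (parts.hostname or "").lower() in TRUSTED_HOSTS

def body_params(body):
    """Split 'a=1&b=2' into a dict without percent-decoding, so base64 '+' and '=' survive."""
    params = {}
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        params.setdefault(name, []).append(value)
    return params

def flag_suspicious(log_lines):
    """Return (line_no, decoded_target) for POSTs whose target leaves the site or fails to decode."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        fields = line.split(" ", 4)                   # assumed format: ts method path body status
        if len(fields) < 5 or fields[1] != "POST":
            continue
        for raw in body_params(fields[3]).get("target", []):
            decoded = decode_target(raw)
            if decoded is None or not is_safe_target(decoded):
                hits.append((n, decoded))
    return hits

def b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample lines (assumed 'ts method path body status' format); not real traffic.
SAMPLE_LOG = [
    "2025-04-15T10:00:01Z POST /starter/login target=" + b64("/starter/home") + " 302",
    "2025-04-15T10:00:02Z POST /starter/login target=" + b64("https://portal.isp.example/account") + " 302",
    "2025-04-15T10:00:03Z POST /starter/login target=" + b64("https://attacker.example/login") + " 302",
    "2025-04-15T10:00:04Z GET /starter/home - 200",
]
```

Running `flag_suspicious(SAMPLE_LOG)` reports only the third line, whose decoded target points at a host outside the trusted set; a value that is not valid base64 is also reported, since the legitimate client never sends one.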
9. Which threat actors are known to exploit this vulnerability?
The provided CVE data does not specify any known threat actors currently exploiting CVE-2024-49706. Given the nature of Open Redirect vulnerabilities, they are commonly exploited by various threat actors, including opportunistic attackers and sophisticated groups, typically as part of phishing campaigns.
10. What public intelligence references and advisories exist?
The primary public intelligence reference for this vulnerability is its CVE identifier: CVE-2024-49706. This entry serves as the official public advisory providing details about the vulnerability, its description, CVSS score, and affected versions. Further information, if available, would typically be found in security advisories published by SoftCOM or in vulnerability databases that aggregate CVE information.
11. What is the risk assessment and urgency level?
The risk assessment for CVE-2024-49706 is Medium, as indicated by its CVSS score of 6.1. However, the urgency level for patching this vulnerability is High, especially for systems exposed to the internet or frequently used by employees/customers. Open Redirects, while not always critical on their own, significantly amplify the risk of social engineering attacks, phishing, and credential harvesting. The ease of exploitation (a crafted POST request) means that even unsophisticated attackers can leverage this flaw. Organizations should prioritize updating to version 79.0 to mitigate the potential for malicious redirects and associated security incidents.