CVE-2022-43308 is a high-severity vulnerability affecting the INTELBRAS SG 2404 MR device, specifically the firmware version 20180928-rel64938. This vulnerability allows an authenticated attacker to escalate privileges by arbitrarily creating new Administrator accounts through the manipulation of crafted user cookies. The attack vector requires the attacker to have some level of authenticated access (low privileges) to the device's web interface or management system. By exploiting insufficient validation or improper handling of user cookies, the attacker can bypass normal access controls and gain full administrative rights. This leads to complete compromise of the device, including confidentiality, integrity, and availability of its functions and data. The CVSS 3.1 base score of 7.8 reflects the high impact on confidentiality, integrity, and availability, combined with the relatively low complexity of the attack (low attack complexity and no user interaction required). The vulnerability is categorized under CWE-269 (Improper Privilege Management), indicating a failure to properly restrict user permissions. No public exploits are currently known in the wild, and no patches or vendor advisories have been linked, suggesting that mitigation may require manual intervention or vendor updates. The affected product is a network device likely used in enterprise or organizational environments for network management or security purposes.

For European organizations, this vulnerability poses a significant risk, especially for those using INTELBRAS SG 2404 MR devices in their network infrastructure. Successful exploitation can lead to unauthorized administrative access, allowing attackers to manipulate network configurations, intercept or redirect traffic, deploy malware, or disrupt network services. This could compromise sensitive data, violate data protection regulations such as GDPR, and cause operational downtime. The ability to create administrator accounts stealthily also increases the risk of persistent threats and insider-like attacks. Given the critical role of network devices in organizational security, this vulnerability could facilitate lateral movement within networks and escalate attacks. Organizations in sectors with stringent compliance requirements, such as finance, healthcare, and critical infrastructure, would be particularly impacted by such a compromise.

To mitigate this vulnerability, European organizations should first identify all instances of the INTELBRAS SG 2404 MR device within their environment. Since no official patches are currently linked, organizations should: 1) Restrict access to the device management interfaces to trusted networks and users only, employing network segmentation and firewall rules to limit exposure. 2) Enforce strong authentication mechanisms and monitor for unusual account creation or privilege escalation activities. 3) Implement strict session management and cookie validation policies, possibly through additional security layers such as web application firewalls (WAFs) that can detect and block anomalous cookie manipulations. 4) Regularly audit device logs for signs of unauthorized administrative account creation. 5) Engage with the vendor or authorized support channels to obtain firmware updates or security advisories. 6) Consider replacing or isolating vulnerable devices if timely patches are unavailable. 7) Educate administrators on secure management practices and the risks of privilege escalation attacks.