8.1 CVE-2024-45217
Insecure Default Initialization of Resource vulnerability in Apache Solr.
New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata.
ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted" ConfigSets that may not have been created with an Authenticated request.
"trusted" ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized.
This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization.
Users are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise.
https://nvd.nist.gov/vuln/detail/CVE-2024-45217
Categories
CWE-1188 : Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. insecure default variable initialization in BIOS firmware for a hardware board allows DoS A generic database browser interface has a default mode that exposes a web server to the network, allowing queries to the database.
References
CPE
REMEDIATION
EXPLOITS
Exploit-db.com
| id |
description |
date |
|
| No known exploits |
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
| id |
description |
severity |
| 665 |
Exploitation of Thunderbolt Protection Flaws
[Survey physical victim environment and potential Thunderbolt system targets] The adversary monitors the target's physical environment to identify systems with Thunderbolt interfaces, identify potential weaknesses in physical security in addition to periods of nonattendance by the victim over their Thunderbolt interface equipped devices, and when the devices are in locked or sleep state. [Evaluate the target system and its Thunderbolt interface] The adversary determines the device's operating system, Thunderbolt interface version, and any implemented Thunderbolt protections to plan the attack. [Obtain and/or clone firmware image] The adversary physically manipulates Thunderbolt enabled devices to acquire the firmware image from the target and/or adversary Thunderbolt host controller's SPI (Serial Peripheral Interface) flash. [Parse and locate relevant firmware data structures and information based upon Thunderbolt controller model, firmware version, and other information] The acquired victim and/or adversary firmware image is parsed for specific data and other relevant identifiers required for exploitation, based upon the victim device information and firmware version. [Disable Thunderbolt security and prevent future Thunderbolt security modifications (if necessary)] The adversary overrides the target device's Thunderbolt Security Level to "None" (SL0) and/or enables block protections upon the SPI flash to prevent the ability for the victim to perform and/or recognize future Thunderbolt security modifications as well as update the Thunderbolt firmware. [Modify/replace victim Thunderbolt firmware image] The modified victim and/or adversary thunderbolt firmware image is written to attacker SPI flash. [Connect adversary-controlled thunderbolt enabled device to victim device and verify successful execution of malicious actions] The adversary needs to determine if their exploitation of selected vulnerabilities had the intended effects upon victim device. [Exfiltration of desired data from victim device to adversary device] Utilize PCIe tunneling to transfer desired data and information from victim device across Thunderbolt connection. |
Very High |
MITRE
Techniques
| id |
description |
| T1211 |
Exploitation for Defensive Evasion |
| T1542.002 |
Pre-OS Boot:Component Firmware |
| T1556 |
Modify Authentication Process |
| © 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. |
Mitigations
| id |
description |
| T1211 |
Update software regularly by employing patch management for internal enterprise endpoints and servers. |
| T1542.002 |
Perform regular firmware updates to mitigate risks of exploitation and/or abuse. |
| T1556 |
Ensure that proper policies are implemented to dictate the the secure enrollment and deactivation of authentication mechanisms, such as MFA, for user accounts. |
| © 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation. |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
Discover this offer
