Apache HugeGraph-Server RCE Vulnerability Under Active Attack


Attackers are actively exploiting a critical remote code execution (RCE) vulnerability in Apache HugeGraph-Server, tracked as CVE-2024-27348. The vulnerability affects versions 1.0.0 up to, but not including, 1.3.0 of the popular open-source graph database tool.

The flaw, which carries a severe CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary operating system commands on vulnerable servers. The root cause is missing reflection filtering in the SecurityManager that is supposed to sandbox submitted Gremlin scripts, so a script can use reflection to reach classes the sandbox was meant to block.


This gives attackers complete control over the affected systems, potentially enabling data theft, network infiltration, ransomware deployment, and other malicious activities.

The Shadowserver Foundation has reported observing exploitation attempts of CVE-2024-27348 from multiple sources, specifically targeting the “/gremlin” endpoint with POST requests.


The situation has become more urgent since early June 2024, when proof-of-concept (PoC) exploit code was publicly released on GitHub, making it easier for malicious actors to identify and compromise vulnerable systems.

To mitigate this critical security risk, users of Apache HugeGraph-Server are strongly advised to take the following actions immediately:

  1. Upgrade to version 1.3.0 or later, which contains the fix for this vulnerability.
  2. Run the server on Java 11, as the project's advisory recommends alongside the upgrade.
  3. Enable the authentication system so that the Gremlin and RESTful API endpoints require credentials.
  4. Use the "Whitelist-IP/port" function to restrict RESTful API access to trusted sources.

Given the severity of the vulnerability and the ongoing exploitation attempts, organizations using Apache HugeGraph-Server should prioritize these security measures to protect their systems and data from potential compromise.

The specific versions of Apache HugeGraph-Server affected by the CVE-2024-27348 vulnerability are:

  • Apache HugeGraph-Server versions 1.0.0 to 1.2.1

This vulnerability impacts all versions from the initial release 1.0.0 up to, but not including, version 1.3.0. The affected versions run on both Java 8 and Java 11 environments.

Version 1.3.0 and later are not vulnerable, as that release includes the patch that fixes the remote code execution vulnerability.
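The two checks a practitioner would want from the mitigation list and the affected-version range above, as an added example that is not code from the article or from the HugeGraph project: a version test against the CVE-2024-27348 range (1.0.0 inclusive to 1.3.0 exclusive) and a triage pass over web server access logs for the traffic pattern Shadowserver reported, POST requests to the /gremlin endpoint from sources outside a trusted allowlist. The log lines are constructed for the example and assume a Combined Log Format layout; the trusted CIDR list is a placeholder you would replace with your own "Whitelist-IP/port" sources.

```python
"""Added example: CVE-2024-27348 version check and /gremlin access-log triage.

Not code from the article or the HugeGraph project.  Log lines and the trusted
CIDR list are constructed for the example.
"""
import ipaddress
import re

# Affected range per the advisory: 1.0.0 <= version < 1.3.0.
AFFECTED_MIN = (1, 0, 0)
FIXED_IN = (1, 3, 0)


def parse_version(text):
    """Turn '1.2.1', 'v1.3.0' or '1.2.0-SNAPSHOT' into a comparable tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(version):
    """True if the reported HugeGraph-Server version is in the vulnerable range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_IN


# Combined Log Format: src ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def triage_access_log(lines, trusted_cidrs):
    """Return POST /gremlin requests from sources outside the trusted networks.

    A 2xx from an untrusted source means a script was accepted and executed,
    so it is ranked 'high'; anything else (e.g. 401 once auth is enabled) is
    still worth a look and ranked 'review'.
    """
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0].rstrip("/")
        if path != "/gremlin":
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            if any(src in net for net in trusted):
                continue
        except ValueError:
            pass  # unparseable source field: keep it, it is not trusted
        status = int(m["status"])
        hits.append({
            "src": m["src"],
            "ts": m["ts"],
            "status": status,
            "priority": "high" if 200 <= status < 300 else "review",
        })
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2024:08:14:02 +0000] "POST /gremlin HTTP/1.1" 200 512',
    '10.0.0.5 - - [10/Jun/2024:08:15:10 +0000] "POST /gremlin HTTP/1.1" 200 88',
    '203.0.113.7 - - [10/Jun/2024:08:16:44 +0000] "GET /versions HTTP/1.1" 200 130',
    '198.51.100.23 - - [10/Jun/2024:08:17:01 +0000] "POST /gremlin/ HTTP/1.1" 401 0',
    '198.51.100.23 - - [10/Jun/2024:08:17:05 +0000] "POST /graphs/hugegraph/graph/vertices HTTP/1.1" 201 77',
]
TRUSTED_CIDRS = ["10.0.0.0/8"]  # placeholder for your own allowlisted sources

if __name__ == "__main__":
    for v in ("1.0.0", "1.2.1", "1.3.0"):
        print(v, "affected" if is_affected(v) else "not affected")
    for hit in triage_access_log(SAMPLE_LOG, TRUSTED_CIDRS):
        print(hit)
```

A POST to /gremlin is also how legitimate clients submit scripts, so the source allowlist, not the path, is the discriminator. Once authentication is enabled, a 401 on these requests is the expected outcome; a 2xx from an untrusted source on a server that was still below 1.3.0 after the PoC became public should be treated as a likely compromise rather than a probe.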

