Apache NiFi RCE Vulnerability – Attackers Exfiltrate Sensitive Data


The widely used data integration tool Apache NiFi has been discovered to be susceptible to a critical security flaw tracked as CVE-2023-34468 that might allow remote code execution.

Additionally, this significant issue might allow attackers to exfiltrate sensitive information, compromise data integrity, obtain unauthorized access, and more, posing serious operational and reputational consequences.

To fix this issue, Apache NiFi’s maintainers have provided patches and upgrades.



Document

FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware


Key Details of the Vulnerability

The Remote Code Execution vulnerability has a CVSS Severity Score of 8.8 [High] and is tagged as CVE-2023-34468.

According to CYFIRMA Research, by utilizing specifically crafted H2 database connection strings, the bug enables remote code execution. H2 is a widely used embedded Java-based database in Apache NiFi installations.

“Attackers could potentially take advantage of this vulnerability to execute arbitrary code on vulnerable Apache NiFi instances. This could lead to unauthorized access, data theft, or system compromise”, researchers said.

Reports mention that there are almost 2700 publicly accessible Apache Nifi that might be affected by the CVE-2023-34468 issue.

Since Apache NiFi is utilized worldwide, the effects of this vulnerability are not geographically restricted. As a result, businesses in places like North America, Europe, Asia-Pacific, and others where Apache NiFi installations are widely distributed may be vulnerable to abuse.

This vulnerability has a potential impact on healthcare, banking, government, telecommunications, and several other industries that depend on Apache NiFi for data integration and automation but not limited to.

Particularly appealing targets may be businesses handling sensitive data or those who rely significantly on Apache NiFi’s capabilities.

If this vulnerability is successfully exploited, it can allow unauthorized code execution, which could compromise the wider technical ecosystem. 

Servers, applications, and interconnected systems that have been integrated with Apache NiFi are included in this, which increases the potential impact of a company’s technological infrastructure.

The researchers have discovered that unidentified hackers are selling Apache NiFi Exploits on dark web forums.

Affected Versions

Apache NiFi – 0.0.2 through 1.21.0

Organizations utilizing these versions are in danger and need to act right away.

Mitigation Measures

  • Users are urged to install the fixes right away.
  • Limit the vulnerability of Apache NiFi instances to untrusted networks by implementing network segmentation.
  • Keep an eye out for any unusual activity or indicators of compromise on Apache NiFi systems.
  •  Implement stringent access restrictions and authentication procedures.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.



Source link