Reference: Advisory #2024-211
Version: 1.0
Affected software: Mobile Security Framework (MobSF) before version 4.0.7
Type: Zip Slip (arbitrary file overwrite that can result in Remote Code Execution) vulnerability
CVE/CVSS: CVE-2024-43399 / CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43399
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The vulnerability could allow an attacker to gain full control of the server that the vulnerable application is running on. The attack can be achieved remotely.
A proof-of-concept is available, which allows attackers to perform the attack more easily.
The software has a faulty implementation in the functionality that should prevent Zip Slip attacks, an arbitrary file overwrite which can result in Remote Code Execution.
When the application scans a malicious file with the “.a” extension, it allows files to be extracted to any location on the server where the application is running. This can overwrite any existing file on the server and subsequently lead to Remote Code Execution.
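A pre-extraction check for the scenario described above, as an added example (not MobSF's code or its fix): it lists the member names in a Unix ar archive, the format behind ".a" static libraries, and flags any that would resolve outside the extraction directory. The sample archive, the helper names and the path /srv/scan/extract are constructed for illustration.

```python
import os

AR_MAGIC = b"!<arch>\n"

def ar_member_names(data):
    """Yield file names stored in a Unix ar archive (GNU and BSD variants)."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos, longnames = len(AR_MAGIC), b""
    while pos + 60 <= len(data):
        hdr = data[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt member header at offset %d" % pos)
        name = hdr[:16].rstrip(b" ")
        size = int(hdr[48:58])
        body = data[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)            # members are 2-byte aligned
        if name == b"//":                        # GNU long-name table
            longnames = body
        if name in (b"/", b"//", b"/SYM64/"):    # index/table, not a file
            continue
        if name.startswith(b"#1/"):              # BSD: name precedes the data
            name = body[:int(name[3:])].rstrip(b"\0")
        elif name[:1] == b"/" and name[1:].isdigit():   # GNU: table offset
            name = longnames[int(name[1:]):].split(b"\n", 1)[0]
        if name.endswith(b"/") and len(name) > 1:       # GNU name terminator
            name = name[:-1]
        yield name.decode("utf-8", "replace")

def escapes(dest, member):
    """True if writing `member` under `dest` would resolve outside `dest`."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, member))
    return os.path.commonpath([root, target]) != root

def audit(data, dest):
    """Member names that must be rejected before extraction into `dest`."""
    return [m for m in ar_member_names(data) if escapes(dest, m)]

def _member(name, body=b"x"):                    # builds constructed test data
    hdr = b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, b"644", len(body))
    return hdr + body + b"\n" * (len(body) & 1)

# Constructed sample archive, not taken from the advisory or any real file.
SAMPLE = (AR_MAGIC + _member(b"ok.o/") + _member(b"../outside.o/")
          + _member(b"//", b"sub/dir/a_long_member_name.o/\n") + _member(b"/0")
          + _member(b"/abs/path.o/"))

if __name__ == "__main__":
    print(audit(SAMPLE, "/srv/scan/extract"))    # hypothetical directory
```

The check compares resolved paths rather than searching the name for "../", so absolute names and names that climb out after first descending are caught as well.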
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
GitHub: https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-4hh3-vj32-gr6j