Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
WARNING: CRITICAL VULNERABILITY IN RASPAP ALLOWS FOR PRIVILEGE ESCALATION, PATCH IMMEDIATELY!
Image
Published : 31/07/2024
Reference:
Advisory #2024-116
Version:
1.0
Affected software:
RaspAP
Type:
Privilege escalation
CVE/CVSS:
CVE-2024-41637
CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Sources
Risks
The primary risk posed by the CVE-2024-41637 vulnerability in RaspAP is the escalation of privileges from a standard user to the root user. This could lead to complete system compromise, allowing attackers to execute any command with root privileges.
Furthermore, the vulnerability has a high impact on confidentiality, integrity, and availability.
Description
An attacker can modify the restapi.service file to inject malicious code that will be executed with root privileges when the service is restarted.
Potential actions by an attacker:
- System Modification: An attacker with root access can modify any file, including system files and configurations, install backdoors, or other malicious software.
- Data Theft: An attacker can access and exfiltrate sensitive data stored on the device.
- Network Attacks: An attacker could intercept network traffic, launch attacks against other connected devices, or redirect users to malicious websites.
- Denial of Service: The attacker could disable critical services or the entire device.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. To fix this vulnerability change the permissions on /lib/systemd/system/restapi.service to disallow www-data from modifying it.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.