Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
WARNING: KIBANA VULNERABILITY LET ATTACKERS EXECUTE ARBITRARY CODE, PATCH IMMEDIATELY!
Image
Published : 08/08/2024
Reference:
Advisory #2024-119
Version:
1.0
Affected software:
Kibana 8.x versions prior to 8.14.2 and Kibana 7.x versions prior to 7.17.23
Type:
Arbitrary Code Execution
CVE/CVSS:
CVE-2024-37287
CVSS: 9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Sources
Risks
Kibana is an open-source data visualization tool.
CVE-2024-37287 is a vulnerability in Kibana. If exploited successfully, the vulnerability can lead to arbitrary code execution.
Description
This vulnerability in Kibana 8 prior to version 8.14.2 and Kibana 7 prior to version 7.17.23 allows attackers with access to the Machine Learning (ML) and Alerting connector features, as well as write access to internal ML indices, to trigger a prototype vulnerability. This can lead to arbitrary code execution.
Users should upgrade to version 8.14.2 and 7.17.23.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
- Vulnerable Kibana 8 systems should be upgraded to version 8.14.2.
- Vulnerable Kibana 7 systems should be upgraded to version 7.17.23.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.