WARNING: PATCH IS AVAILABLE FOR CVE-2024-8517 IN SPIP OPEN-SOURCE CONTENT MANAGEMENT SYSTEM! PATCH IMMEDIATELY!

Published : 11/09/2024

Reference:
Advisory #2024-219

Version:
1.0

Affected software:
SPIP open-source content management system

Type:
Command injection vulnerability

CVE/CVSS:
CVE-2024-8517: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

SPIP - https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html?lang=fr

Risks

A critical severity vulnerability, CVE-2024-8517, was discovered in SPIP, a popular open-source content management system. The vulnerability derives from a command injection flaw in the BigUp plugin.

The wide use of SPIP by a diverse range of organisations and individuals, combined with the severity of the vulnerability (with high impact on confidentiality, integrity, and availability) and the ease of exploitation (no authentication required), generates a high risk for a large number of infrastructures.

Additionally, while the vulnerability has not yet been observed to be exploited in the wild, a proof-of-concept (PoC) exploit was published, thus increasing the risk of exploitation by threat actors.

Description

CVE-2024-8517, with a CVSS score of 9.8 (critical), allows a remote, unauthenticated attacker to execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.

The impact of this vulnerability is serious and could lead to a complete system compromise and potentially:

  • unauthorized access to sensitive data
  • modification or deletion of critical files
  • installation of malware
  • lateral movement within the network
  • use of the compromised system as a launching point for further attacks

The vulnerability affects SPIP versions prior to 4.3.2, 4.2.16, and 4.1.18.

It is recommended to update to SPIP versions 4.3.2, 4.2.16, and 4.1.18, according to the information provided by the developer.
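To apply the version boundaries above to an inventory, the following added example (not code from the CCB or the SPIP project) classifies SPIP version strings per branch. The function names and the sample inventory are constructed for illustration; treating branches older than 4.1 as affected and pre-release builds of a fixed number as unpatched are conservative assumptions.

```python
import re

# Fixed releases per branch, as listed in this advisory.
FIXED = {(4, 3): (4, 3, 2), (4, 2): (4, 2, 16), (4, 1): (4, 1, 18)}

_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)(?:\.(\d+))?(?:[-.]?(alpha|beta|rc|dev)\w*)?", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, patch, flag); flag 0 marks a pre-release build."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch or 0), 0 if pre else 1)

def assess(version_text):
    """Classify one SPIP version string as ('vulnerable'|'patched', action)."""
    version = parse_version(version_text)
    branch = version[:2]
    fixed = FIXED.get(branch)
    if fixed is None:
        if branch < min(FIXED):
            # Assumption: such versions are "prior to 4.1.18" and the advisory
            # lists no fixed release for their branch.
            return ("vulnerable", "no fixed release listed for this branch")
        return ("patched", "none")  # branch newer than every listed fix
    if version < fixed + (1,):  # a pre-release of the fixed number sorts lower
        return ("vulnerable", "update to " + ".".join(map(str, fixed)))
    return ("patched", "none")

# Constructed sample inventory: hostnames and versions are made up.
INVENTORY = {
    "www.example.org": "4.3.1",
    "intranet.example.org": "4.2.16",
    "archive.example.org": "3.2.19",
    "blog.example.org": "SPIP 4.1.17",
    "staging.example.org": "4.3.2-rc1",
}

def triage(inventory):
    """Return {host: action} for every host that still needs patching."""
    results = {host: assess(version) for host, version in inventory.items()}
    return {h: action for h, (status, action) in results.items()
            if status == "vulnerable"}

if __name__ == "__main__":
    for host, action in sorted(triage(INVENTORY).items()):
        print(f"{host}: {action}")
```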

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

CVE - https://www.cve.org/CVERecord?id=CVE-2024-8517

NVD - https://nvd.nist.gov/vuln/detail/CVE-2024-8517

Security Online - https://securityonline.info/cve-2024-8517-critical-spip-flaw-leaves-websites-vulnerable-to-remote-attacks-poc-published/