WARNING: SOLARWINDS PLATFORM <2024.2 HAS A RACE CONDITION VULNERABILITY THAT CAN LEAD TO AUTHENTICATION BYPASS, PATCH IMMEDIATELY!

Published: 25/06/2024

Reference:
Advisory #2024-95

Version:
1.0

Affected software:
SolarWinds Platform 2024.1 SR 1 and previous versions (Login API module)

Type:
Race condition vulnerability

CVE/CVSS:
CVE-2024-28999
CVSS 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Risks

A Proof of Concept (PoC) was published for a vulnerability (CVE-2024-28999) in the login API of the SolarWinds Platform, affecting versions before 2024.2. The vulnerability can lead to an authentication bypass, allowing an unauthenticated attacker to gain unauthorized access to the SolarWinds Platform. This has a high impact on Confidentiality, Integrity and Availability.

This vulnerability was addressed by SolarWinds in May 2024 in version 2024.2. It has not yet been observed to be exploited in the wild, but technical details and a PoC were recently published, which increases the risk of exploitation in the future.

Description

CVE-2024-28999 is a high severity vulnerability (CVSS score of 8.1) in the login API of the SolarWinds Platform. When the system receives multiple login authentication requests concurrently, a race condition occurs that is not properly handled: the failed-attempt counter behind the "AccountLockoutThreshold" setting is not updated atomically across the concurrent requests, so the account is never locked. This enables an attacker to brute force a user's password even when an "AccountLockoutThreshold" is configured, because the lockout that should stop the attack is never triggered.
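The following is an added illustration of the lockout race described above; it is not SolarWinds code (the Platform's login API implementation is not public) and it models the generic check-then-act pattern on a constructed credential store, with a barrier standing in for the scheduling window that concurrent requests exploit. The hardened variant reserves the attempt (check and increment under a lock) before the credential is verified, so the counter can no longer be raced.

```python
import threading
from collections import Counter, defaultdict

# Constructed credential store and lockout policy for this demonstration
# (assumption: not the SolarWinds Platform's own code or configuration).
USERS = {"admin": "CorrectHorse!"}
ACCOUNT_LOCKOUT_THRESHOLD = 5


class VulnerableLoginApi:
    """Failure counter updated with a read / verify / write sequence that is
    not atomic, so concurrent requests all observe the same low count."""

    def __init__(self, yield_hook=None):
        self.failed = defaultdict(int)
        self.locked = set()
        self._yield = yield_hook or (lambda: None)   # models the scheduling window

    def login(self, user, password):
        if user in self.locked:
            return "locked"
        count = self.failed[user]                    # read
        if count >= ACCOUNT_LOCKOUT_THRESHOLD:
            self.locked.add(user)
            return "locked"
        self._yield()                                # other requests run here
        if USERS.get(user) == password:
            self.failed[user] = 0
            return "ok"
        self.failed[user] = count + 1                # write: lost update under concurrency
        return "fail"


class HardenedLoginApi:
    """Reserve the attempt (check + increment) under a lock before the
    credential is verified; the counter can no longer be raced."""

    def __init__(self, yield_hook=None):
        self.failed = defaultdict(int)
        self.locked = set()
        self._lock = threading.Lock()
        self._yield = yield_hook or (lambda: None)

    def login(self, user, password):
        with self._lock:                             # atomic check-and-increment
            if user in self.locked or self.failed[user] >= ACCOUNT_LOCKOUT_THRESHOLD:
                self.locked.add(user)
                return "locked"
            self.failed[user] += 1                   # count the attempt up front
        self._yield()
        if USERS.get(user) == password:
            with self._lock:
                self.failed[user] = 0                # success: release the reserved attempt
            return "ok"
        return "fail"


def rendezvous_hook(n, timeout=2.0):
    """Make n in-flight requests pause until all of them have read the
    counter: the worst-case interleaving an attacker tries to provoke."""
    barrier = threading.Barrier(n)

    def hook():
        try:
            barrier.wait(timeout=timeout)
        except threading.BrokenBarrierError:
            pass   # fewer than n requests reached the window (hardened path)
    return hook


def run_concurrent(api, n, user="admin", password="wrong-password"):
    """Fire n simultaneous login attempts and return a Counter of results."""
    results, results_lock = [], threading.Lock()

    def worker():
        outcome = api.login(user, password)
        with results_lock:
            results.append(outcome)

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return Counter(results)


def demo(api_cls, n=20):
    """Return (outcome counts, recorded failures, locked?) for n concurrent
    wrong-password attempts against one account."""
    api = api_cls(yield_hook=rendezvous_hook(n))
    counts = run_concurrent(api, n)
    return counts, api.failed["admin"], "admin" in api.locked


if __name__ == "__main__":
    print("vulnerable:", demo(VulnerableLoginApi))   # 20 x fail, counter 1, not locked
    print("hardened:  ", demo(HardenedLoginApi))     # 5 x fail, 15 x locked, counter 5, locked
```

With 20 concurrent wrong passwords the vulnerable API records a single failure and never locks the account, which is exactly what lets a brute-force attack run past a configured threshold; the hardened API lets at most `ACCOUNT_LOCKOUT_THRESHOLD` attempts through regardless of how the requests are scheduled.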

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. The vulnerability was fixed in version 2024.2 and the patch notes can be found here: https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion. For this vulnerability, a burst of failed logins against one account, arriving far faster than a human could type and not followed by a lockout, is the pattern to look for.
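As an added example of such a detection (not part of the original advisory and not a SolarWinds-supplied rule), the following runs a per-account sliding window over constructed login-audit lines in a generic key=value format (an assumption; the Platform's real log format differs) and alerts when the configured threshold of failures is reached inside one second without a lockout event following.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

ACCOUNT_LOCKOUT_THRESHOLD = 5   # assumed local lockout policy

# Constructed sample (assumption: not the SolarWinds Platform log format).
# admin: 8 failures in 15 ms, no lockout  -> racing the counter
# bob:   slow failures, then success       -> ordinary typo
# carol: 5 failures, then LOCKED           -> lockout worked as configured
SAMPLE_LOG = """\
2024-06-25T10:00:00.010Z src=203.0.113.5 user=admin result=FAIL
2024-06-25T10:00:00.012Z src=203.0.113.5 user=admin result=FAIL
2024-06-25T10:00:00.013Z src=203.0.113.5 user=admin result=FAIL
2024-06-25T10:00:00.015Z src=203.0.113.5 user=admin result=FAIL
2024-06-25T10:00:00.018Z src=203.0.113.5 user=admin result=FAIL
2024-06-25T10:00:00.020Z src=203.0.113.5 user=admin result=FAIL
2024-06-25T10:00:00.021Z src=203.0.113.5 user=admin result=FAIL
2024-06-25T10:00:00.025Z src=203.0.113.5 user=admin result=FAIL
2024-06-25T10:01:10.000Z src=198.51.100.7 user=bob result=FAIL
2024-06-25T10:02:00.100Z src=198.51.100.9 user=carol result=FAIL
2024-06-25T10:02:00.300Z src=198.51.100.9 user=carol result=FAIL
2024-06-25T10:02:00.500Z src=198.51.100.9 user=carol result=FAIL
2024-06-25T10:02:00.700Z src=198.51.100.9 user=carol result=FAIL
2024-06-25T10:02:00.900Z src=198.51.100.9 user=carol result=FAIL
2024-06-25T10:02:00.950Z src=198.51.100.9 user=carol result=LOCKED
2024-06-25T10:03:40.000Z src=198.51.100.7 user=bob result=FAIL
2024-06-25T10:06:05.000Z src=198.51.100.7 user=bob result=OK
2024-06-25T10:07:00.000Z src=203.0.113.9 user=alice result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse(lines):
    """Parse log lines into (timestamp, src, user, result) tuples sorted by time."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # not a login-audit record
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["src"], m["user"], m["result"]))
    events.sort()
    return events


def find_lockout_bypass_bursts(lines, threshold=ACCOUNT_LOCKOUT_THRESHOLD,
                               window=timedelta(seconds=1)):
    """Return one alert per account that reached `threshold` FAIL results
    inside `window` and was not locked afterwards."""
    recent = defaultdict(deque)   # per-account FAIL events inside the window
    alerts = {}
    for ts, src, user, result in parse(lines):
        q = recent[user]
        if result == "LOCKED":
            # Lockout fired as configured: not a bypass, drop any pending alert.
            q.clear()
            alerts.pop(user, None)
            continue
        if result != "FAIL":
            continue
        q.append((ts, src))
        while ts - q[0][0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            alerts[user] = {
                "user": user,
                "failures": len(q),
                "span_ms": (ts - q[0][0]) // timedelta(milliseconds=1),
                "sources": sorted({s for _, s in q}),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_lockout_bypass_bursts(SAMPLE_LOG.splitlines()):
        print(alert)   # only admin: 8 failures in 15 ms, never locked
```

On the sample only `admin` is reported: `bob` never reaches the threshold and `carol`'s lockout event cancels the pending alert. Tune `threshold` to the actual AccountLockoutThreshold in use and keep `window` short, since the point of the race is that the requests are concurrent.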

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
