Warning: Apache Software Foundation Has Patched CVE-2024-52577, A Critical RCE Vulnerability In Apache Ignite. Patch Immediately!

Published: 18/02/2025

Reference:
Advisory #2025-38

Version:
1.0

Affected software:
Apache Ignite 2.6.0 to 2.16.x

Type:
Deserialization of untrusted data

CVE/CVSS:
CVE-2024-52577: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

Apache: https://lists.apache.org/thread/1bst0n27m9kb3b6f6hvlghn182vqb2hh

NVD: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-52577

Risks

CVE-2024-52577 is a critical deserialization of untrusted data vulnerability in Apache Ignite, caused by the inadequate enforcement of class serialization filters on certain server endpoints.

Exploitation of this vulnerability could allow an attacker to execute arbitrary code on the server via a maliciously crafted Ignite message, posing a high risk to the confidentiality, integrity, and availability of the affected systems.

Description

The Apache Ignite critical vulnerability CVE-2024-52577 poses a significant risk due to improper enforcement of class serialization filters, potentially leading to remote code execution.

Apache Ignite is an open-source distributed database and computing platform designed for high-performance computing. It provides in-memory data storage, distributed caching, and processing capabilities, making it suitable for real-time analytics and data processing.

In Apache Ignite versions 2.6.0 through 2.16.x, certain Ignite endpoints ignore configured serialization filters. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server class path and sends it to Ignite server endpoints.

If the server deserializes the malicious message, it could trigger the execution of arbitrary code, severely compromising system integrity and security.
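To illustrate the control the advisory refers to, the following is an added example (not code from the advisory, from Apache Ignite, or from the CCB) showing what a class serialization filter does on a plain JVM `ObjectInputStream`: with an allowlist filter in place, a serialized object of a class that happens to be on the class path but is not expected on the wire is rejected before it is instantiated; without the filter, or on a code path that ignores it, the same bytes are turned into a live object. The classes `CacheUpdate` and `Unexpected` are constructed for this example and stand in for "an expected message type" and "some other class present on the server class path"; the filter uses the standard JDK `java.io.ObjectInputFilter` API (Java 9+), which is independent of Ignite's own filter configuration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Arrays;
import java.util.List;

public class SerialFilterDemo {

    // Constructed message type that the receiver legitimately expects.
    public static final class CacheUpdate implements Serializable {
        private static final long serialVersionUID = 1L;
        final String key;
        final long value;
        CacheUpdate(String key, long value) { this.key = key; this.value = value; }
    }

    // Constructed class that is on the class path but should never arrive over the wire.
    public static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
        final String note = "constructed sample, no side effects";
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Allowlist filter: only CacheUpdate and the JDK String it contains are accepted.
    // String.class must be listed because the JDK consults the filter for strings too.
    // Depth and reference limits bound nested or self-referencing graphs.
    static ObjectInputFilter allowlist() {
        List<Class<?>> allowed = Arrays.asList(CacheUpdate.class, String.class);
        return info -> {
            if (info.depth() > 5 || info.references() > 100) {
                return ObjectInputFilter.Status.REJECTED;
            }
            Class<?> c = info.serialClass();
            if (c == null) {
                // Call without a class (e.g. pure metadata check): leave to the default.
                return ObjectInputFilter.Status.UNDECIDED;
            }
            return allowed.contains(c) ? ObjectInputFilter.Status.ALLOWED
                                       : ObjectInputFilter.Status.REJECTED;
        };
    }

    // filter == null models a code path that does not apply the configured filter.
    static Object deserialize(byte[] bytes, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            if (filter != null) {
                ois.setObjectInputFilter(filter);
            }
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new CacheUpdate("k", 1L));
        byte[] unexpected = serialize(new Unexpected());

        // Expected type passes the allowlist.
        CacheUpdate ok = (CacheUpdate) deserialize(expected, allowlist());
        System.out.println("accepted: " + ok.key + "=" + ok.value);

        // Same bytes, no filter applied: the unexpected class is instantiated.
        Object o = deserialize(unexpected, null);
        System.out.println("no filter, instantiated: " + o.getClass().getSimpleName());

        // With the filter applied, the class is rejected before instantiation.
        try {
            deserialize(unexpected, allowlist());
            System.out.println("unexpected: filter did not reject");
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

The point for the reader of this advisory is the middle call: a filter only protects the endpoints that actually apply it, so a server whose endpoints bypass the configured filter behaves like the `null` case regardless of how restrictive the filter is, which is why the fix is the vendor upgrade rather than a tighter filter configuration.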

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends upgrading to version 2.17.0 or later, with the highest priority and after thorough testing, to mitigate this risk.

As a temporary workaround, users can implement additional security measures such as restricting access to Ignite server endpoints and monitoring incoming messages for suspicious patterns. However, this does not replace the need to upgrade to the patched version.

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Openwall: https://www.openwall.com/lists/oss-security/2025/02/14/2

CVE: https://www.cve.org/CVERecord?id=CVE-2024-52577

Vulert: https://vulert.com/vuln-db/CVE-2024-52577

SNYK Security: https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEIGNITE-8728364