Reference: Advisory #2025-46
Version: 1.0
Affected software: Mautic versions < 5.2.3
Type: Remote Code Execution (RCE), Path Traversal File Deletion, Improper Authorization
CVE/CVSS:
CVE-2024-47051: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L)
CVE-2024-47053: CVSS 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47051
NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47053
On 25 February 2025, Mautic published two security advisories about a critical (CVE-2024-47051) and a high (CVE-2024-47053) vulnerability affecting the Mautic platform.
Mautic is an open-source marketing automation platform that helps businesses automate marketing campaigns, manage customer interactions, and track user engagement. It provides tools for email marketing, lead generation, campaign management, and social media integration.
Successful exploitation of CVE-2024-47051 can lead to remote code execution (RCE) and path traversal file deletion.
Successful exploitation of CVE-2024-47053 can lead to unauthorized access to sensitive report data.
If a threat actor exploits CVE-2024-47051, this can have a high impact on confidentiality and a low impact on both integrity and availability.
If a threat actor exploits CVE-2024-47053, this can have a high impact on confidentiality, but no impact on either integrity or availability.
CVE-2024-47051:
An authenticated network-based attacker can bypass restrictions and upload executable files, giving them the ability to execute arbitrary code. This stems from inadequate enforcement of allowed file extensions in the asset upload functionality.
A remote authenticated threat actor can delete arbitrary files on the host system, by manipulating the file deletion process. This stems from the improper handling of path components, leading to a path traversal vulnerability.
CVE-2024-47053:
A remote authenticated user can exploit Mautic’s API authorization to access all reports and their associated data. The attacker can exploit this vulnerability if they manage to bypass the default access controls ("Reporting Permissions > View Own", "Reporting Permissions > View Others"). Those intended access controls are in place to restrict access to non-system reports. For this specific vulnerability, there is a workaround, which is disabling the API in Mautic.
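The two weakness classes behind CVE-2024-47051 (extension allowlisting on upload and path handling on deletion) in defensive form, as an added example that is not Mautic's code: the function names, the allowlist, the base directory and the sample names are assumptions chosen to illustrate the checks an upload and delete path should enforce.

```python
"""Defensive checks illustrating the CVE-2024-47051 weakness classes.

Added example, not Mautic's code. ALLOWED_EXTENSIONS and the base directory
used by callers are constructed for illustration.
"""
from pathlib import Path, PurePosixPath
from typing import Optional

# Constructed allowlist of benign asset types; a real deployment takes this
# from configuration and never includes server-executable extensions.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "csv"}


def is_allowed_upload(filename: str) -> bool:
    """Allowlist the final extension only, case-insensitively.

    Rejects names carrying path components, names without an extension,
    dotfiles, and names whose last extension is off the allowlist. So
    'report.pdf' passes while 'shell.php', 'shell.PHP', 'shell.pdf.php'
    and '../x.png' all fail: only the last extension decides how the web
    server treats the file, so only the last extension is checked.
    """
    name = PurePosixPath(filename.replace("\\", "/")).name
    if name != filename or name in ("", ".", ".."):
        return False  # contains a path component or is not a plain name
    stem, sep, ext = name.rpartition(".")
    if not sep or not stem:
        return False  # no extension at all, or a dotfile like '.htaccess'
    return ext.lower() in ALLOWED_EXTENSIONS


def resolve_inside(base_dir: str, user_path: str) -> Optional[Path]:
    """Resolve a user-supplied path and confirm it stays under base_dir.

    Returns the resolved path, or None when '..' segments, an absolute
    path or a symlink would escape the asset directory. A delete routine
    should act only on a non-None result, never on the raw input.
    """
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()  # absolute user_path replaces base
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def is_fixed_version(version: str) -> bool:
    """True when a Mautic version string is 5.2.3 or later (per the advisory)."""
    core = version.split("-", 1)[0]  # drop pre-release suffixes such as '-rc'
    parts = tuple(int(p) for p in core.split(".")[:3])
    return parts >= (5, 2, 3)
```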
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
According to Mautic’s official advisories, these two vulnerabilities have been fixed in versions 5.2.3 and later.
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References:
Mautic advisory: https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
Mautic advisory: https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc