CyberWatch

Apache HugeGraph-Server Vulnerability Added to CISA KEV Catalog

By

Matthew Fagan, Vulnerability Management Patch Analyst

By

Access Point Consulting

A vulnerability affecting Apache HugeGraph-Server, categorized as CVE-2024-27348, was disclosed in August 2024 and recently added to the CISA Known Exploited Vulnerabilities (KEV) catalog on 9/18/2024. This flaw, found in Apache HugeGraph-Server versions 1.0.0 through 1.3.0, and affecting instances running Java 8 or 11, can result in remote code execution (RCE). Proof of Concept (PoC) exploit code has been released, along with a detailed analysis from SecureLayer7.

Impact

Exploitation of this vulnerability can result in remote code execution, leading to a complete compromise of the system’s confidentiality, integrity, and availability. The availability of PoC exploit code and in-depth analysis heightens the risk of this vulnerability being exploited on a wider scale, though there is currently no evidence of active exploitation by threat actors.

According to SecureLayer7’s analysis, the exploit leverages Gremlin, a graph traversal language, to execute commands through the ProcessBuilder class, utilizing reflection to create a new directory, which triggers the RCE.

Affected Software

Apache HugeGraph-Server versions 1.0.0 to 1.3.0

Remediation and Recommendations

  1. Upgrade to version 1.3.0 of Apache HugeGraph-Server to address the vulnerability.
  2. Enable user authentication, which is not enabled by default, to add an extra layer of protection.
  3. For production environments, it is recommended to use Java 11. If still using Java 8, plan to upgrade as Apache HugeGraph-Server will no longer support Java 8 beyond version 1.3.0.
  4. Verify the software integrity by performing a hash check before installation to ensure it matches the expected value. Follow the relevant guide for assistance in performing this check.

By taking these steps, organizations can mitigate the risks associated with this vulnerability and safeguard their Apache HugeGraph-Server deployments.

Associated Bulletins

GitHub - Zeyad-Azima/CVE-2024-27348: Apache HugeGraph Server RCE Scanner ( CVE-2024-27348 )

NVD - CVE-2024-27348 (nist.gov)

Analysis of CVE-2024-2738 Apache HugeGraph (securelayer7.net)

#VulnerabilityAlert#CVE202427348#RemoteCodeExecution#ApacheHugeGraph#Cybersecurity#CyberWatch

Resources

Trending Articles & Security Reports

Resources

CyberWatch

October 7, 2024

VINs and Losses: How Hackers Take Kias for a Ride

In the age of smart cars and connected devices, convenience often comes with hidden risks. A recently discovered critical vulnerability in Kia vehicles serves as a stark reminder of how our increasingly digital world is making cars new targets for cyberattacks. This vulnerability allowed hackers to remotely control various vehicle functions—using nothing more than a car's license plate number. It highlights the growing threat of cyberattacks on connected cars and the importance of cybersecurity in the automotive industry.

Find out more
October 3, 2024

Vulnerability in SolarWinds Managed File Transfer Server Actively Exploited

CVE-2024-28995 SolarWinds has issued a critical update for a zero-day vulnerability in its Serv-U MFT Server, allowing attackers to bypass security and access restricted files without authentication. Actively exploited, this flaw poses a significant risk for businesses that delay applying the fix.

Find out more
October 1, 2024

Critical Container Flaw Could Impact NVIDIA AI Services

On September 25th, NVIDIA issued a security advisory regarding a critical vulnerability (CVE-2024-0132) in the NVIDIA Container Toolkit. This Time-of-Check Time-of-Use (TOCTOU) flaw allows a specially crafted container image to access the host file system. The vulnerability impacts most AI applications in both cloud and on-prem environments using NVIDIA GPUs.

Find out more