Multiple vulnerabilities in IBM Storage Fusion HCI



| Updated: 2024-11-29
Risk High
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2024-23829
CVE-2024-23334
CVE-2024-1135
CVE-2024-26130
CWE-ID CWE-444
CWE-22
CWE-476
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerability #2 is being exploited in the wild.
Vulnerable software
IBM Fusion HCI
Server applications / Other server solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU85884

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2024-23829

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Fusion HCI: before 2.8.0

CPE2.3 External links

http://www.ibm.com/support/pages/node/7151048


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Path traversal

EUVDB-ID: #VU85886

Risk: High

CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2024-23334

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in aiohttp.web.static(follow_symlinks=True). A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Request examples:

For windows: /static/../D:\flag.txt Poc

For Linux: /static/../../../../etc/passwd


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Fusion HCI: before 2.8.0

CPE2.3 External links

http://www.ibm.com/support/pages/node/7151048


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

3) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU89167

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-1135

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests when handling Transfer-Encoding headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Fusion HCI: before 2.8.0

CPE2.3 External links

http://www.ibm.com/support/pages/node/7151048


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU87129

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26130

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Fusion HCI: before 2.8.0

CPE2.3 External links

http://www.ibm.com/support/pages/node/7151048


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###