Platform
linux
Component
zimaos
Fixed in
1.2.5
CVE-2024-48931 describes an Arbitrary File Access vulnerability discovered in ZimaOS, a fork of CasaOS. This flaw allows authenticated users to read arbitrary files on the system by manipulating the /v3/file API endpoint. The vulnerability impacts versions of ZimaOS up to and including 1.2.4 and has been resolved in version 1.2.5.
The primary impact of CVE-2024-48931 is the potential for unauthorized access to sensitive system files. Specifically, an attacker can leverage this vulnerability to read the /etc/shadow file, which contains password hashes for all user accounts on the ZimaOS system. Successful exploitation could lead to privilege escalation, allowing the attacker to gain root access and compromise the entire system. This vulnerability is particularly concerning as it bypasses standard authentication mechanisms, enabling file access with a valid, but manipulated, token. The ability to obtain password hashes represents a significant data breach risk, potentially exposing user credentials and enabling further malicious activity.
CVE-2024-48931 was publicly disclosed on 2024-10-24. While no active exploitation campaigns have been publicly confirmed, the ease of exploitation and the sensitivity of the data at risk suggest a potential for rapid exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature and the availability of ZimaOS instances.
Organizations and individuals using ZimaOS, particularly those running it on x86-64 systems with UEFI, are at risk. Shared hosting environments where multiple users share a single ZimaOS instance are particularly vulnerable, as a compromise of one user's account could lead to the exposure of data for all users on the system. Legacy configurations with weak authentication mechanisms are also at increased risk.
• linux / server:
journalctl -u zimaos | grep -i "file access"
• linux / server:
ps aux | grep zimaos
• generic web:
curl -I "http://<Zima_Server_IP:PORT>/v3/file?token=<valid_token>&files=/etc/shadow"
• generic web:
grep "/etc/shadow" /var/log/nginx/access.log
Disclosure
Exploit status
EPSS
0.53% (67th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-48931 is to immediately upgrade ZimaOS to version 1.2.5 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests to the /v3/file endpoint with suspicious files parameters. Additionally, restrict access to the ZimaOS API to trusted networks and users. Regularly review API access logs for any unusual activity. After upgrading, confirm the fix by attempting to access sensitive files via the /v3/file endpoint with a manipulated files parameter; access should be denied.
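The log-review step recommended above, and the access-log grep in the detection commands, can be made more precise than a literal match on "/etc/shadow". The following is an added example, not ZimaOS project code and not part of the original advisory: it parses constructed nginx combined-format access log lines (the format is an assumption) and flags /v3/file requests whose files parameter names a sensitive system file, carries a ".." traversal segment after URL decoding, or resolves outside an assumed user-data root of /DATA. The ALLOWED_ROOTS and SENSITIVE_PATHS lists are assumptions to tune for your own deployment.

```python
"""Flag suspicious ZimaOS /v3/file requests in an nginx access log (added example)."""
import posixpath
import re
import sys
from urllib.parse import parse_qs, unquote, urlsplit

# Assumptions, not taken from the ZimaOS project: user data is served from
# /DATA, and the listed paths should never be fetched through the file API.
ALLOWED_ROOTS = ("/DATA",)
SENSITIVE_PATHS = ("/etc/shadow", "/etc/gshadow", "/etc/passwd", "/root")

# nginx "combined" format: client - user [timestamp] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample lines for the demonstration; not taken from any real system.
SAMPLE_LOG = """\
192.0.2.10 - - [24/Oct/2024:10:01:02 +0000] "GET /v3/file?token=tok1&files=/DATA/photos/cat.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.11 - - [24/Oct/2024:10:01:05 +0000] "GET /v3/file?token=tok1&files=/etc/shadow HTTP/1.1" 200 1234 "-" "curl/8.0"
192.0.2.12 - - [24/Oct/2024:10:01:07 +0000] "GET /v3/file?token=tok1&files=/DATA/..%2F..%2Fvar%2Flog%2Fsyslog HTTP/1.1" 200 2048 "-" "curl/8.0"
192.0.2.13 - - [24/Oct/2024:10:01:08 +0000] "GET /v3/file?token=tok1&files=/opt/zimaos/config.yaml HTTP/1.1" 403 0 "-" "curl/8.0"
192.0.2.14 - - [24/Oct/2024:10:01:09 +0000] "GET /v1/users/current HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""


def _under(path: str, roots) -> bool:
    """True if path equals one of roots or lies beneath it."""
    return any(path == r or path.startswith(r + "/") for r in roots)


def classify_files_param(value: str):
    """Return a reason string if a files= value looks abusive, else None.

    The value is decoded twice so a double-encoded traversal (%252e%252e) is
    caught, then normalised so /DATA/../etc/shadow is judged as /etc/shadow.
    """
    decoded = unquote(unquote(value))
    normalized = posixpath.normpath(decoded)
    if _under(normalized, SENSITIVE_PATHS):
        return f"sensitive system file {normalized}"
    if ".." in decoded.split("/"):
        return f"path traversal resolving to {normalized}"
    if not _under(normalized, ALLOWED_ROOTS):
        return f"outside allowed data root: {normalized}"
    return None


def scan_log(log_text: str):
    """Parse access-log lines and return findings for suspicious /v3/file requests.

    Denied requests (4xx) are reported too: a blocked probe is still a signal
    worth keeping in the incident record.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != "/v3/file":
            continue
        # parse_qs already URL-decodes once and keeps repeated files= values.
        for value in parse_qs(parts.query).get("files", []):
            reason = classify_files_param(value)
            if reason:
                findings.append({
                    "client": m.group("client"),
                    "timestamp": m.group("ts"),
                    "status": int(m.group("status")),
                    "files": value,
                    "reason": reason,
                })
    return findings


if __name__ == "__main__":
    # Pass a log file path to scan a real log; otherwise the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in scan_log(text):
        print(f"{f['timestamp']} {f['client']} status={f['status']} files={f['files']!r}: {f['reason']}")
```

Run it as `python3 scan_v3_file.py /var/log/nginx/access.log` against the real log; the sample run reports three of the five constructed lines. Because the `files` value is normalised before comparison, a request encoded as `/DATA/..%2F..%2Fetc%2Fshadow` is caught even though the literal string "/etc/shadow" never appears in the log, which the plain grep above would miss.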
Update to a patched version as soon as one is available. Since no patched version is available, it is recommended to restrict access to the API and to monitor the system for unauthorized access until an update is published.
CVE-2024-48931 is a HIGH severity vulnerability in ZimaOS versions ≤1.2.4 that allows authenticated users to read arbitrary files, potentially including sensitive system files like /etc/shadow.
You are affected if you are running ZimaOS version 1.2.4 or earlier. Upgrade to version 1.2.5 to mitigate the risk.
Upgrade ZimaOS to version 1.2.5 or later. As a temporary workaround, implement a WAF rule to block suspicious requests to the /v3/file endpoint.
There are currently no confirmed reports of active exploitation, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the ZimaOS official website and GitHub repository for the latest security advisories and updates related to CVE-2024-48931.