mobsf
Fixed in: 3.9.8, 3.9.7
CVE-2024-54000 describes a server-side request forgery (SSRF) vulnerability discovered in Mobile Security Framework (MobSF), a popular pen-testing and malware analysis tool. This flaw allows an attacker to potentially access internal resources or perform unauthorized actions by manipulating the framework's request handling. The vulnerability affects versions of MobSF prior to 3.9.7 and is a bypass of a previous fix for CVE-2024-29190. A fix is available in version 3.9.7.
The SSRF vulnerability in MobSF arises from the requests.get() function in the checkurl method, which incorrectly allows redirects (allow_redirects=True). This enables an attacker to craft a malicious URL that, when processed by MobSF, triggers a 302 redirect to an arbitrary internal or external resource. This bypasses the mitigation implemented for CVE-2024-29190, effectively reintroducing the SSRF risk. Successful exploitation could allow an attacker to read sensitive files, access internal APIs, or even interact with other services within the network, depending on the permissions and access rights of the MobSF process. The blast radius extends to any internal resources accessible via HTTP/HTTPS from the MobSF server.
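To make the redirect bypass concrete, the following is an added illustration (not MobSF's own code, and not a copy of the 3.9.7 fix) of the pattern described above: a URL check that validates the hostname once and then hands the URL to a client that follows redirects, next to a hardened check that disables automatic redirects and re-validates every hop. The HTTP client, the DNS table and the response map are constructed stand-ins so the script runs offline; the function names, the blocked-network list and the hop limit are this example's own assumptions.

```python
"""Redirect-based SSRF bypass (the CVE-2024-54000 pattern) and one way to close it.

All network behaviour here is simulated: FAKE_DNS replaces name resolution and
FAKE_RESPONSES replaces the HTTP server, so the script runs without connectivity.
"""
import ipaddress
from urllib.parse import urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed name-resolution table (stands in for socket.getaddrinfo).
FAKE_DNS = {
    "attacker.example": "198.51.100.7",   # external host controlled by the attacker
    "public.example": "198.51.100.9",     # ordinary external host
}

# Constructed HTTP responses: url -> (status, Location header).
FAKE_RESPONSES = {
    "http://attacker.example/redir": (302, "http://127.0.0.1:8000/admin"),
    "http://127.0.0.1:8000/admin": (200, None),
    "http://public.example/ok": (200, None),
}

# Address ranges a URL checker should never be allowed to reach. Explicit networks are
# used rather than ipaddress.is_private so the policy is visible and reviewable.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def resolves_to_internal(host: str) -> bool:
    """True if the host is an IP literal or resolves to a blocked range (or cannot be resolved)."""
    try:
        ip = ipaddress.ip_address(FAKE_DNS.get(host, host))
    except ValueError:
        return True  # unknown / unresolvable: refuse rather than guess
    return any(ip in net for net in BLOCKED_NETWORKS)


def fake_get(url: str, allow_redirects: bool):
    """Stand-in for requests.get(url, allow_redirects=...): returns (status, location, visited).

    With allow_redirects=True it follows 3xx Location headers transparently, exactly the
    behaviour that lets a validated external URL end up at an internal address.
    """
    visited = [url]
    status, location = FAKE_RESPONSES.get(url, (404, None))
    while allow_redirects and status in REDIRECT_CODES and location:
        url = location
        visited.append(url)
        status, location = FAKE_RESPONSES.get(url, (404, None))
    return status, location, visited


def checkurl_vulnerable(url: str):
    """Vulnerable pattern: host validated once, then the client silently follows redirects."""
    host = urlparse(url).hostname or ""
    if resolves_to_internal(host):
        return "rejected", [url]
    status, _location, visited = fake_get(url, allow_redirects=True)
    return status, visited  # visited shows where the request actually went


def checkurl_hardened(url: str, max_hops: int = 3):
    """Hardened pattern: no automatic redirects; every hop is validated before it is fetched."""
    visited = []
    for _ in range(max_hops + 1):
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https") or resolves_to_internal(parsed.hostname or ""):
            return "rejected", visited + [url]
        status, location, _ = fake_get(url, allow_redirects=False)
        visited.append(url)
        if status not in REDIRECT_CODES or not location:
            return status, visited
        url = location  # re-enter the loop so the redirect target is checked too
    return "rejected", visited  # redirect chain too long


if __name__ == "__main__":
    for fn in (checkurl_vulnerable, checkurl_hardened):
        print(fn.__name__, fn("http://attacker.example/redir"))
```

Running the script shows the vulnerable checker returning 200 after visiting the loopback address, while the hardened one stops at the redirect target. One caveat a reviewer would raise even for the hardened version: it resolves the name for the check and the (simulated) client would resolve it again for the connection, so a host whose DNS answer changes between the two lookups can still slip through; pinning the validated IP for the actual connection, or resolving inside the transport layer, closes that gap.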
CVE-2024-54000 was publicly disclosed on December 3, 2024. It is a bypass of the fix for a previous vulnerability (CVE-2024-29190), indicating potential for rapid exploitation. The EPSS score is likely to be medium, given the ease of exploitation and the potential impact. No public proof-of-concept (PoC) code has been released as of this writing, but the nature of the SSRF vulnerability suggests that a PoC is likely to emerge quickly. Monitor security advisories and threat intelligence feeds for updates.
Organizations and individuals using MobSF for mobile application security assessments and malware analysis are at risk. Specifically, those running versions prior to 3.9.7, particularly in environments with sensitive internal resources accessible via HTTP/HTTPS, are most vulnerable. Shared hosting environments where MobSF is deployed could also be at increased risk if proper network isolation is not implemented.
• linux / server: Monitor MobSF logs for outbound requests with 302 redirect responses. Use journalctl -u mobsf to filter for relevant log entries.
journalctl -u mobsf | grep "302 Found"
• generic web: Use curl to test for SSRF by attempting to redirect MobSF to an internal resource.
curl -v --location 'http://localhost/_check_url?url=http://internal.example.com'
• python: If you have access to the MobSF source code, review the checkurl method for the allow_redirects=True setting and ensure redirects are disabled (allow_redirects=False). Note that simply deleting the argument is not enough: requests.get() follows redirects by default.
Disclosure
Exploit status
EPSS: 0.17% (38th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-54000 is to immediately upgrade MobSF to version 3.9.7 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or proxy to filter outbound requests from MobSF, specifically blocking requests with 302 redirect responses. Carefully review and restrict network access for the MobSF process to minimize the potential impact of a successful SSRF attack. Monitor MobSF logs for suspicious outbound requests, particularly those involving redirects. Consider implementing stricter URL validation and sanitization within the checkurl method as a temporary workaround, although this is not a substitute for upgrading.
Update Mobile Security Framework (MobSF) to version 3.9.7 or later. This version contains the fix for the SSRF vulnerability. You can download the latest version from the official website or update through the appropriate package manager.
CVE-2024-54000 is a HIGH severity SSRF vulnerability in MobSF versions ≤3.7.6, allowing attackers to bypass a previous fix and potentially access internal resources.
Yes, if you are using MobSF versions prior to 3.9.7, you are affected by this SSRF vulnerability.
Upgrade MobSF to version 3.9.7 or later to mitigate the vulnerability. Consider WAF rules as a temporary workaround.
While no public exploits are currently known, the ease of exploitation suggests active exploitation is possible and should be monitored for.
Refer to the MobSF project's official GitHub repository and security advisories for the latest information and updates.