Platform
freebsd
Component
truenas-core
Fixed in
13.3.1
CVE-2024-11944 describes a Remote Code Execution (RCE) vulnerability in iXsystems TrueNAS CORE, specifically affecting versions 13.3-RELEASE–13.3-RELEASE. This flaw stems from insufficient path validation within the tarfile.extractall method, allowing attackers to potentially execute arbitrary code on vulnerable systems. The vulnerability is particularly concerning as it requires no authentication to exploit, posing a significant risk to TrueNAS deployments.
The impact of CVE-2024-11944 is severe. An attacker can leverage this directory traversal vulnerability to execute arbitrary code with root privileges on the affected TrueNAS system. This could lead to complete system compromise, including data exfiltration, data destruction, and the installation of persistent malware. Given the critical role TrueNAS often plays in storing and managing sensitive data, a successful exploitation could have devastating consequences for organizations. The lack of authentication requirement significantly broadens the attack surface, making it accessible to a wide range of attackers.
CVE-2024-11944 was disclosed on December 30, 2024. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of exploitation. The vulnerability's ease of exploitation and the potential for root access suggest a medium to high probability of exploitation. It is not currently listed on CISA KEV, but its severity warrants close monitoring. The vulnerability shares similarities with other directory traversal exploits, highlighting the importance of robust input validation in file handling operations.
Exploit Status
EPSS
2.41% (85% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-11944 is to upgrade to a patched version of TrueNAS CORE as soon as it becomes available. Until a patch is applied, consider implementing temporary workarounds to reduce the attack surface. Restricting network access to the TrueNAS system, particularly from untrusted sources, is crucial. Implement strict firewall rules to limit inbound connections. Monitor system logs for any suspicious activity, such as unusual file creations or modifications within the /usr/local/ directory. While a WAF or proxy cannot directly prevent this vulnerability, it can help detect and block malicious requests attempting to exploit it.
Update TrueNAS CORE to a version later than 13.3-RELEASE that contains the fix for this vulnerability. See the TrueNAS release notes for more details.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-11944 is a Remote Code Execution vulnerability in TrueNAS CORE versions 13.3-RELEASE–13.3-RELEASE. It allows attackers to execute arbitrary code due to a flaw in the tarfile.extractall function.
If you are running TrueNAS CORE 13.3-RELEASE–13.3-RELEASE, you are potentially affected. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade to a patched version of TrueNAS CORE. Monitor iXsystems' website for updates and follow their instructions carefully.
While there are no confirmed reports of active exploitation at this time, the vulnerability's severity and ease of exploitation suggest a high likelihood of future attacks.
Refer to the iXsystems security advisory page for the latest information and updates regarding CVE-2024-11944: https://www.ixsystems.com/security-advisories/
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.