Platform
python
Component
mobsf
Fixed in
4.0.8
4.0.7
CVE-2024-43399 is a high-severity vulnerability (CVSS 8) affecting MobSF versions up to 3.9.7. This flaw, located within the Static Libraries analysis section, allows attackers to bypass inadequate Zip Slip protection and extract files to arbitrary locations on the server. A fix is available in version 4.0.7, addressing the improperly implemented mitigation.
The Zip Slip flaw in MobSF's static analyzer lets an attacker control where files are written when the analyzer extracts the members of a .a (static library) archive: a member name carrying path-traversal sequences is not rejected by the intended check, so the file lands outside the extraction directory. Successful exploitation could lead to arbitrary code execution on the server hosting MobSF and, from there, complete system compromise: installing malware, stealing sensitive data, or disrupting services. This is particularly concerning given MobSF's role in mobile application security analysis, where it routinely handles potentially malicious input.
CVE-2024-43399 was publicly disclosed on August 19, 2024. While no active exploitation campaigns have been confirmed, the availability of a public description and the relatively straightforward nature of Zip Slip vulnerabilities suggest a potential for exploitation. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept code is not yet available, but the detailed description allows for relatively easy reproduction.
Exploit Status
EPSS
0.41% (61st percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-43399 is to upgrade MobSF to version 4.0.7 or later, which includes the corrected Zip Slip protection. If upgrading is not immediately feasible, consider restricting access to the Static Libraries analysis functionality. Implement strict file system permissions to limit the impact of potential file writes outside the intended directory. Monitor MobSF logs for unusual file extraction activity. While a WAF cannot directly prevent this vulnerability, it can help detect and block malicious requests attempting to exploit it.
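As an added example (not MobSF's own code and not part of this advisory), the block below parses the `.a` (Unix ar) static-library format referred to in the description above and applies the resolved-path check that a working Zip Slip protection relies on, which is the correction the mitigation paragraph refers to: every member name is validated against the resolved extraction directory before a single byte is written, and the whole archive is refused if any member would escape. Only the common/GNU short-name layout is handled, the sample archives and member names are constructed inline, and all function names are this example's own assumptions.

```python
# Added example, not MobSF's own code: a minimal parser for the Unix `ar`
# format used by `.a` static libraries, plus the resolved-path check that a
# working Zip Slip protection needs before any member is written to disk.
import tempfile
from pathlib import Path

AR_MAGIC = b"!<arch>\n"
HEADER_SIZE = 60  # name[16] mtime[12] uid[6] gid[6] mode[8] size[10] fmag[2]

def parse_ar(data):
    """Yield (member_name, payload) from an ar archive (common/GNU short names).
    Fields are ASCII and space padded; payloads are padded to an even offset."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos + HEADER_SIZE <= len(data):
        hdr = data[pos:pos + HEADER_SIZE]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad member header at offset %d" % pos)
        name = hdr[0:16].decode("ascii").rstrip()
        size = int(hdr[48:58].decode("ascii").strip())
        # GNU ar ends short names with '/'; bare '/' and '//' are the symbol and long-name tables
        if name not in ("/", "//") and name.endswith("/"):
            name = name[:-1]
        start = pos + HEADER_SIZE
        payload = data[start:start + size]
        if len(payload) != size:
            raise ValueError("truncated member %r" % name)
        yield name, payload
        pos = start + size + (size % 2)

def safe_member_path(dest_dir, member_name):
    """Return where a member may be written, or raise ValueError if its
    *resolved* path (not just its string prefix) would leave dest_dir."""
    if not member_name or member_name.startswith("/") or "\\" in member_name:
        raise ValueError("rejected member name %r" % member_name)
    dest = Path(dest_dir).resolve()
    target = (dest / member_name).resolve()  # collapses '..' segments
    if target == dest or dest not in target.parents:
        raise ValueError("zip slip: %r resolves outside %s" % (member_name, dest))
    return target

def is_safe_member(dest_dir, member_name):
    """Boolean form of the check, useful for scanning an archive before extraction."""
    try:
        safe_member_path(dest_dir, member_name)
        return True
    except ValueError:
        return False

def extract_ar(data, dest_dir):
    """Extract into dest_dir, refusing the whole archive if any member would
    escape it: every name is validated before the first byte is written."""
    members = [(n, p) for n, p in parse_ar(data) if n not in ("/", "//")]
    for name, _ in members:
        safe_member_path(dest_dir, name)
    written = []
    for name, payload in members:
        target = safe_member_path(dest_dir, name)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(payload)
        written.append(target)
    return written

def build_ar(members):
    """Constructed sample data: a GNU-style ar archive from (name, bytes) pairs."""
    out = bytearray(AR_MAGIC)
    for name, payload in members:
        name_field = (name + "/").ljust(16)  # short-name form only (<= 15 chars)
        hdr = (name_field + "0".ljust(12) + "0".ljust(6) + "0".ljust(6)
               + "100644".ljust(8) + str(len(payload)).ljust(10) + "`\n")
        out += hdr.encode("ascii") + payload
        if len(payload) % 2:
            out += b"\n"
    return bytes(out)

def slip_check_results():
    """Constructed member names, benign and traversing, run through the check."""
    names = ["hello.o", "sub/util.o", "sub/../util.o", "../evil.txt", "/abs/x.o", ""]
    with tempfile.TemporaryDirectory() as tmp:
        return {n: is_safe_member(tmp, n) for n in names}

def demo():
    """Extract a benign library, then show an archive with a '..' member refused."""
    benign = build_ar([("hello.o", b"\x7fELF"), ("util.o", b"obj")])
    traversing = build_ar([("hello.o", b"x"), ("../evil.txt", b"outside")])
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "extracted"
        dest.mkdir()
        names = [p.name for p in extract_ar(benign, dest)]
        try:
            extract_ar(traversing, dest)
            blocked = False
        except ValueError:
            blocked = True
    return names, blocked
```

The design point is that the comparison happens on `Path.resolve()` output for both the destination and the candidate, so `..` segments, a bare `.` name, and absolute names are all caught by the same test, and the pre-validation loop in `extract_ar` means a hostile member late in the archive cannot profit from benign members already written. A real extractor would additionally resolve GNU long-name references (`/123`) and cap member sizes; both are left out here to keep the check itself in focus.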
Update Mobile Security Framework (MobSF) to version 4.0.7 or later. This version contains the fix for the Zip Slip vulnerability. You can download the latest version from the official website or the GitHub repository.
CVE-2024-43399 is a high-severity vulnerability in MobSF versions up to 3.9.7 that allows attackers to extract files to arbitrary locations on the server due to an improperly implemented Zip Slip protection.
Yes, if you are using MobSF version 3.9.7 or earlier, you are affected by this vulnerability. Upgrade to version 4.0.7 or later to mitigate the risk.
The recommended fix is to upgrade MobSF to version 4.0.7 or later. If upgrading is not possible, restrict access to the Static Libraries analysis functionality and implement strict file system permissions.
While no active exploitation campaigns have been confirmed, the vulnerability's nature suggests a potential for exploitation, and it's crucial to apply the patch promptly.
Refer to the MobSF project's official channels, such as their GitHub repository or website, for the latest advisory and release notes regarding CVE-2024-43399.