Platform: python
Component: mobsf
Fixed in: 3.9.8, 3.9.7
CVE-2024-54000 describes a server-side request forgery (SSRF) vulnerability discovered in Mobile Security Framework (MobSF), a popular pen-testing and malware analysis tool. This flaw allows an attacker to potentially access internal resources or perform unauthorized actions by manipulating the framework's request handling. The vulnerability affects versions of MobSF prior to 3.9.7 and is a bypass of a previous fix for CVE-2024-29190. A fix is available in version 3.9.7.
The SSRF vulnerability in MobSF arises from the requests.get() function in the checkurl method, which incorrectly allows redirects (allow_redirects=True). This enables an attacker to craft a malicious URL that, when processed by MobSF, triggers a 302 redirect to an arbitrary internal or external resource. This bypasses the mitigation implemented for CVE-2024-29190, effectively reintroducing the SSRF risk. Successful exploitation could allow an attacker to read sensitive files, access internal APIs, or even interact with other services within the network, depending on the permissions and access rights of the MobSF process. The blast radius extends to any internal resources accessible via HTTP/HTTPS from the MobSF server.
CVE-2024-54000 was publicly disclosed on December 3, 2024. Because it bypasses the fix for an earlier vulnerability (CVE-2024-29190), the affected code path is already publicly documented, which raises the potential for rapid exploitation. The EPSS score is likely to be medium, given the ease of exploitation and the potential impact. No public proof-of-concept (PoC) code has been released as of this writing, but the nature of the SSRF vulnerability suggests that a PoC is likely to emerge quickly. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS: 0.17% (38th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-54000 is to immediately upgrade MobSF to version 3.9.7 or later, which contains the fix. If upgrading is not immediately feasible, route MobSF's outbound requests through a Web Application Firewall (WAF) or egress proxy that filters them, specifically refusing to follow 302 redirect responses. Review and restrict the network access of the MobSF process so that a successful SSRF reaches as few internal resources as possible. Monitor MobSF logs for suspicious outbound requests, particularly those involving redirects. As a temporary workaround, stricter URL validation and sanitization can be added to the checkurl method, but this is not a substitute for upgrading.
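The root cause described above (requests.get() following redirects in checkurl) and the workaround suggested here (stricter URL validation in checkurl) both come down to the same defensive pattern: never let the HTTP library follow redirects on its own, and validate every hop, including the target of a Location header, before fetching it. The following is an added example written for this advisory; it is not MobSF's code and not the project's fix. The names check_url, fetch_checked, opener and resolver are assumptions chosen here, the IP addresses and hostnames are constructed for the demo, and the fetch is done through an injected opener so the example runs offline against an in-memory fake server. With requests, the opener would be `requests.get(url, allow_redirects=False, timeout=10)`.

```python
"""Hardened URL check: redirects disabled at the HTTP layer, every hop validated.

Added example for this advisory (not MobSF's own code). check_url, fetch_checked,
opener and resolver are assumed names; hostnames and IPs below are constructed.
Standard library only, so it runs offline.
"""
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_CODES = {301, 302, 303, 307, 308}


def is_public_ip(ip: str) -> bool:
    """True only for globally routable unicast addresses.

    ipaddress.is_global already excludes loopback, RFC 1918, link-local,
    shared address space and documentation ranges; multicast is excluded
    explicitly because older Python versions count it as global."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not addr.is_multicast


def resolve_all(host: str) -> list:
    """Resolve host to every address it maps to (literal IPs need no DNS)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_url(url: str, resolver=resolve_all) -> tuple:
    """Validate scheme, host, embedded credentials and every resolved address.

    Returns (ok, reason) so callers can log why a URL was rejected."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parsed.hostname:
        return False, "missing host"
    if parsed.username or parsed.password:
        return False, "userinfo in URL"
    try:
        ips = resolver(parsed.hostname)
    except OSError:
        return False, "resolution failed"
    if not ips:
        return False, "no addresses"
    for ip in ips:  # reject if ANY record points at a non-public address
        if not is_public_ip(ip):
            return False, f"non-public address {ip}"
    return True, "ok"


def fetch_checked(url: str, opener, resolver=resolve_all, max_hops: int = 3) -> tuple:
    """Fetch url without letting the HTTP client follow redirects.

    opener(url) performs ONE request with redirects disabled and returns
    (status, headers, body). Each Location target is re-checked before it is
    fetched, which is exactly what allow_redirects=True skips.
    Raises ValueError on a failed check or too many redirects."""
    for _ in range(max_hops + 1):
        ok, reason = check_url(url, resolver)
        if not ok:
            raise ValueError(f"blocked {url}: {reason}")
        status, headers, body = opener(url)
        if status in REDIRECT_CODES:
            url = urljoin(url, headers.get("Location", ""))
            continue
        return status, body
    raise ValueError("too many redirects")


# Constructed demo data: a public host that answers one path with a 302 to loopback.
FAKE_RESPONSES = {
    "http://redirector.example/start": (302, {"Location": "http://127.0.0.1:8000/admin"}, b""),
    "http://127.0.0.1:8000/admin": (200, {}, b"internal admin page"),
    "http://redirector.example/safe": (200, {}, b"public page"),
}
FAKE_DNS = {"redirector.example": ["93.184.216.34"], "127.0.0.1": ["127.0.0.1"]}


def fake_opener(url):
    """Stands in for requests.get(url, allow_redirects=False, timeout=10)."""
    return FAKE_RESPONSES[url]


def fake_resolver(host):
    return FAKE_DNS[host]


def demo() -> dict:
    """Run both cases through fetch_checked and report the outcome of each."""
    out = {"safe": fetch_checked("http://redirector.example/safe", fake_opener, fake_resolver)}
    try:
        fetch_checked("http://redirector.example/start", fake_opener, fake_resolver)
        out["redirect"] = "allowed"
    except ValueError as exc:
        out["redirect"] = str(exc)
    return out


if __name__ == "__main__":
    print(demo())
```

The check deliberately validates the address the hostname resolves to, not just the hostname string, so that names resolving to loopback or RFC 1918 space are rejected as well. One caveat a reviewer should raise: resolving in check_url and then connecting in the opener is a time-of-check/time-of-use gap (DNS rebinding), so a production fix should also pin the validated IP for the actual connection, or resolve inside the opener and validate there.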
Update Mobile Security Framework (MobSF) to version 3.9.7 or higher. This version contains the fix for the SSRF vulnerability. You can download the latest version from the official website or update via the corresponding package manager.
CVE-2024-54000 is a HIGH severity SSRF vulnerability in MobSF versions ≤3.7.6, allowing attackers to bypass a previous fix and potentially access internal resources.
Yes, if you are using MobSF versions prior to 3.9.7, you are affected by this SSRF vulnerability.
Upgrade MobSF to version 3.9.7 or later to mitigate the vulnerability. Consider WAF rules as a temporary workaround.
While no public exploits are currently known, the ease of exploitation suggests active exploitation is possible and should be monitored for.
Refer to the MobSF project's official GitHub repository and security advisories for the latest information and updates.