CVE-2024-6424 is a critical Server-Side Request Forgery (SSRF) vulnerability affecting MESbook versions 20221021.03. This vulnerability allows a remote, unauthenticated attacker to leverage the /api/Proxy/Post and /api/Proxy/Get endpoints to access sensitive data and potentially compromise the system. The vulnerability was published on July 1, 2024, and a fix is pending; mitigation strategies are crucial.
The SSRF vulnerability in MESbook allows attackers to bypass security controls and interact with internal resources as if they were originating from the MESbook server. Attackers can exploit the /api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST and /api/Proxy/Get?userName=&password=&uri=<ARCHIVO|URL INTERNA|IP/HOST endpoints to read the source code of web files, access internal files, and potentially access network resources. This could lead to data exfiltration, privilege escalation, and complete system compromise. The ability to read source code exposes internal logic and potentially credentials, significantly expanding the attack surface. Successful exploitation could allow an attacker to pivot to other internal systems, leading to a broad impact.
The vulnerability is publicly known as of July 1, 2024, with the publication of the CVE. Exploitation probability is currently assessed as medium due to the ease of exploitation and the lack of a readily available patch. No KEV listing or confirmed exploitation campaigns have been reported at this time. Public proof-of-concept code is likely to emerge given the vulnerability's nature and public disclosure.
Exploit Status
EPSS
0.56% (68% percentile)
CISA SSVC
CVSS Vector
Due to the lack of a provided fixed version, immediate mitigation is essential. Implement Web Application Firewall (WAF) rules to block requests to the vulnerable /api/Proxy/Post and /api/Proxy/Get endpoints, specifically filtering for potentially malicious URIs. Restrict network access to the MESbook server to only necessary ports and services. Thoroughly review and harden the proxy configuration to prevent unauthorized access to internal resources. Monitor system logs for suspicious activity related to the proxy endpoints. After implementing these mitigations, verify their effectiveness by attempting to access internal resources through the proxy endpoints.
Update MESbook to a version later than 20221021.03 that addresses the SSRF vulnerability. If an update is not available, contact the vendor for a patch or alternative solution. As a temporary measure, restrict access to the Proxy/Post and Proxy/Get APIs and validate user-provided URLs.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-6424 is a critical Server-Side Request Forgery (SSRF) vulnerability in MESbook version 20221021.03, allowing attackers to access internal resources and potentially compromise the system.
If you are using MESbook version 20221021.03, you are potentially affected by this vulnerability and should implement mitigation strategies immediately.
A fix is currently unavailable. Mitigate by implementing WAF rules to block requests to the vulnerable endpoints and restricting network access.
While no confirmed exploitation campaigns are currently reported, the vulnerability is publicly known and exploitation is likely.
Refer to MESbook's official website or security channels for updates and advisories regarding CVE-2024-6424.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.