Platform: freebsd
Component: truenas-core
Fixed in: 13.3.1
CVE-2024-11944 describes a Remote Code Execution (RCE) vulnerability in iXsystems TrueNAS CORE, specifically affecting version 13.3-RELEASE. The flaw stems from insufficient path validation around Python's tarfile.extractall method: archive entries whose names are not checked can be written outside the intended extraction directory, which is what allows attackers to execute arbitrary code on vulnerable systems. The vulnerability is particularly concerning because it requires no authentication to exploit, posing a significant risk to TrueNAS deployments.
The impact of CVE-2024-11944 is severe. An attacker can leverage this directory traversal vulnerability to execute arbitrary code with root privileges on the affected TrueNAS system. This could lead to complete system compromise, including data exfiltration, data destruction, and the installation of persistent malware. Given the critical role TrueNAS often plays in storing and managing sensitive data, successful exploitation could have devastating consequences for organizations. The lack of an authentication requirement significantly broadens the attack surface, making the flaw reachable by a wide range of attackers.
CVE-2024-11944 was disclosed on December 30, 2024. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of exploitation. The vulnerability's ease of exploitation and the potential for root access suggest a medium to high probability of exploitation. It is not currently listed on CISA KEV, but its severity warrants close monitoring. The vulnerability shares similarities with other directory traversal exploits, highlighting the importance of robust input validation in file handling operations.
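To make the flaw class concrete, here is an added Python example (not TrueNAS or iXsystems code, and not the vendor's actual patch) showing the per-member path check a tar extraction needs before calling extractall: a constructed in-memory archive containing a `../` entry or a symlink that resolves outside the destination is refused, while a benign archive passes. The destination path /srv/extract and all archive contents are assumptions made for the demonstration.

```python
from __future__ import annotations

import io
import os
import tarfile


def is_member_safe(member: tarfile.TarInfo, dest: str) -> bool:
    """Reject absolute names, '..' traversal, and links resolving outside `dest`."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, member.name))
    if os.path.commonpath([root, target]) != root:
        return False
    if member.issym():  # symlink target is relative to the link's own directory
        link = os.path.realpath(os.path.join(os.path.dirname(target), member.linkname))
        return os.path.commonpath([root, link]) == root
    if member.islnk():  # hardlink target is relative to the archive root
        link = os.path.realpath(os.path.join(root, member.linkname))
        return os.path.commonpath([root, link]) == root
    return True


def unsafe_members(archive: bytes, dest: str = "/srv/extract") -> list[str]:
    """Names of members that would escape `dest` (assumed path); empty means safe."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        return [m.name for m in tar.getmembers() if not is_member_safe(m, dest)]


def safe_extractall(archive: bytes, dest: str) -> None:
    """Validate every member first; refuse the whole archive on any hostile entry."""
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError(f"refusing to extract, unsafe members: {bad}")
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        tar.extractall(dest)


def build_archive(files: dict[str, bytes], symlinks: dict[str, str] | None = None) -> bytes:
    """Constructed sample input: an in-memory tar built for this demo, not a real upload."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        for name, link_target in (symlinks or {}).items():
            info = tarfile.TarInfo(name)
            info.type, info.linkname = tarfile.SYMTYPE, link_target
            tar.addfile(info)
    return buf.getvalue()
```

On Python 3.12 and later (and the patched 3.8 to 3.11 point releases) tarfile's built-in extraction filters, `extractall(..., filter="data")`, enforce equivalent rules; the explicit version above shows what such a check has to cover.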
Organizations heavily reliant on TrueNAS CORE for data storage and management are at significant risk. This includes small to medium-sized businesses (SMBs) and enterprises utilizing TrueNAS for file sharing, backups, and virtual machine hosting. Shared hosting environments using TrueNAS are particularly vulnerable due to the potential for cross-tenant exploitation.
• freebsd / server: `journalctl -u zed -g 'tarfile.extractall'` (journalctl is a systemd utility that does not exist on FreeBSD; on TrueNAS CORE, search the syslog files under /var/log instead)
• freebsd / server: `find /usr/local -type f -mtime -1 -print`
• generic web: `curl -I http://<truenas_ip>/path/to/malicious/file.tar.gz`
• generic web: `grep -i 'tarfile.extractall' /var/log/nginx/access.log`
EPSS: 2.41% (85th percentile)
The primary mitigation for CVE-2024-11944 is to upgrade to a patched version of TrueNAS CORE as soon as it becomes available. Until a patch is applied, consider implementing temporary workarounds to reduce the attack surface. Restricting network access to the TrueNAS system, particularly from untrusted sources, is crucial. Implement strict firewall rules to limit inbound connections. Monitor system logs for any suspicious activity, such as unusual file creations or modifications within the /usr/local/ directory. While a WAF or proxy cannot directly prevent this vulnerability, it can help detect and block malicious requests attempting to exploit it.
Update TrueNAS CORE to a version later than 13.3-RELEASE that contains the fix for this vulnerability. See the TrueNAS release notes for details.
CVE-2024-11944 is a Remote Code Execution vulnerability in TrueNAS CORE version 13.3-RELEASE. It allows attackers to execute arbitrary code due to a path validation flaw around the tarfile.extractall function.
If you are running TrueNAS CORE 13.3-RELEASE, you are potentially affected. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade to a patched version of TrueNAS CORE. Monitor iXsystems' website for updates and follow their instructions carefully.
While there are no confirmed reports of active exploitation at this time, the vulnerability's severity and ease of exploitation suggest a high likelihood of future attacks.
Refer to the iXsystems security advisory page for the latest information and updates regarding CVE-2024-11944: https://www.ixsystems.com/security-advisories/