Platform: python
Component: mobsf
Fixed versions: 4.0.8, 4.0.7
CVE-2024-43399 is a high-severity vulnerability (CVSS 8) affecting MobSF versions up to 3.9.7. This flaw, located within the Static Libraries analysis section, allows attackers to bypass inadequate Zip Slip protection and extract files to arbitrary locations on the server. A fix is available in version 4.0.7, addressing the improperly implemented mitigation.
The Zip Slip vulnerability in MobSF's static analyzer lets an attacker control the file extraction paths used while a .a archive is being analyzed. An archive member whose name carries traversal sequences (for example, a name beginning with "../") is written outside the extraction directory because the intended path check does not actually constrain the path that is written. The result is an arbitrary file write with the privileges of the MobSF process, which can be escalated to arbitrary code execution on the hosting server if the writable targets include files the server loads, and from there to full system compromise: installing malware, stealing sensitive data, or disrupting services. This is especially concerning because MobSF exists to analyze potentially malicious mobile code, so an instance is expected to receive untrusted archives as a matter of course.
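The mechanics described above, as an added illustration that is not MobSF's code and does not reproduce the exact flaw in MobSF's extractor: a minimal ar (.a) writer and parser, a naive extractor that joins member names onto the destination unchecked, and a hardened one that resolves the final write path and refuses anything outside the extraction directory. The helper names (build_ar, iter_ar, extract_unsafe, safe_join, extract_safe, run_demo) are hypothetical, and the archive contents are constructed for the demo.

```python
"""Zip Slip in an ar (.a) extractor: naive vs. hardened path handling.

Added illustration, not MobSF's code. The archive builder, parser and both
extractors are hypothetical helpers; the archive contents are constructed.
"""
import os
import tempfile

AR_MAGIC = b"!<arch>\n"


def build_ar(members):
    """Build a minimal ar archive (short member names only) from (name, bytes)
    pairs. Constructed for the demo; an attacker would use `ar` or a hex editor."""
    out = bytearray(AR_MAGIC)
    for name, data in members:
        if len(name) > 16:
            raise ValueError("demo writer supports names of at most 16 bytes")
        header = (
            name.encode("ascii").ljust(16)        # member name, space padded
            + b"0".ljust(12)                      # mtime
            + b"0".ljust(6)                       # uid
            + b"0".ljust(6)                       # gid
            + b"100644".ljust(8)                  # mode (octal)
            + str(len(data)).encode().ljust(10)   # size in bytes
            + b"`\n"                              # header terminator
        )
        out += header + data
        if len(data) % 2:                         # members are 2-byte aligned
            out += b"\n"
    return bytes(out)


def iter_ar(blob):
    """Yield (name, data) per member. Common-header format only: GNU long-name
    tables ('/' and '//' members) and BSD '#1/N' names need a full parser."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad member header")
        # GNU terminates names with '/', BSD pads with spaces; strip both.
        name = hdr[0:16].decode("ascii", "replace").rstrip(" ").rstrip("/")
        size = int(hdr[48:58])
        pos += 60
        yield name, blob[pos:pos + size]
        pos += size + (size & 1)


def extract_unsafe(blob, dest):
    """Vulnerable: the member name is joined onto dest with no check, so '../'
    sequences (or an absolute name) escape the extraction directory."""
    written = []
    for name, data in iter_ar(blob):
        path = os.path.join(dest, name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        written.append(path)
    return written


def safe_join(dest, name):
    """Resolve the final write path and refuse anything outside dest. The path
    returned here is the one that gets written: checking a normalised copy and
    then writing to the raw name is what an improperly implemented mitigation
    looks like."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, name))
    if not name or os.path.commonpath([root, target]) != root:
        raise ValueError(f"member escapes extraction directory: {name!r}")
    return target


def extract_safe(blob, dest):
    """Hardened: skip (and report) members that would land outside dest."""
    written, blocked = [], []
    for name, data in iter_ar(blob):
        try:
            path = safe_join(dest, name)
        except ValueError:
            blocked.append(name)
            continue
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        written.append(path)
    return written, blocked


def run_demo():
    """Extract a constructed archive with both routines. Returns
    (unsafe_escaped, safe_blocked, safe_written_names)."""
    evil = build_ar([
        ("hello.o", b"\x7fELF\x00"),      # benign member
        ("../../evil.txt", b"owned\n"),   # traversal member
    ])
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "a", "b", "extract")
        os.makedirs(dest)
        extract_unsafe(evil, dest)
        # ../../evil.txt resolved from root/a/b/extract lands in root/a
        unsafe_escaped = os.path.isfile(os.path.join(root, "a", "evil.txt"))
        written, blocked = extract_safe(evil, dest)
        base = os.path.realpath(dest)
        safe_written = [os.path.relpath(p, base) for p in written]
    return unsafe_escaped, blocked, safe_written


if __name__ == "__main__":
    print(run_demo())  # (True, ['../../evil.txt'], ['hello.o'])
```

The point of safe_join is that the check and the write operate on the same resolved path; realpath also collapses symlinks, so a destination that is itself a symlink does not defeat the prefix comparison. The same pattern applies to zip and tar extraction, where symlink members additionally have to be rejected or re-pointed.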
CVE-2024-43399 was publicly disclosed on August 19, 2024. While no active exploitation campaigns have been confirmed, the availability of a public description and the relatively straightforward nature of Zip Slip vulnerabilities suggest a potential for exploitation. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept code is not yet available, but the detailed description allows for relatively easy reproduction.
Organizations using MobSF for mobile application security analysis are at risk, particularly those running versions 3.9.7 or earlier. Shared hosting environments where MobSF is deployed could be especially vulnerable, as an attacker gaining access to one instance could potentially compromise the entire server. Teams relying on MobSF for automated security assessments should prioritize patching.
• python / server: Examine MobSF logs for unusual file extraction patterns, particularly those involving .a files. Look for file writes outside of the expected analysis directory. The command below lists files written in the last hour under the install tree but outside the extraction directory (paths are the page's example locations; adjust them to your deployment):
  find /opt/mobsf -type f -mmin -60 -not -path '*/StaticAnalyzer/temp/*' -printf '%TY-%Tm-%Td %TH:%TM %p\n'
• python / server: Monitor file system integrity using tools like AIDE or Tripwire, focusing on the MobSF installation directory and temporary analysis directories.
• generic web: Monitor the MobSF server for unexpected file creation or modification within the application's data directories.
Disclosure
Exploit status
EPSS: 0.41% (61st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-43399 is to upgrade MobSF to version 4.0.7 or later, which includes the corrected Zip Slip protection. If upgrading is not immediately feasible, restrict who can submit files to the instance and, where possible, disable or restrict access to the Static Libraries analysis functionality. Run MobSF as a dedicated unprivileged user whose write access is limited to its own data and temporary directories, so that a file write outside the extraction directory cannot reach application code, configuration, or system files. Monitor MobSF logs for unusual file extraction activity. A WAF is of limited use here: the traversal sequences live inside the uploaded archive's member names, not in a URL or request parameter, so it cannot reliably block the exploit, although it can still help with logging and rate-limiting of upload requests.
Update Mobile Security Framework (MobSF) to version 4.0.7 or later. This version contains the fix for the Zip Slip vulnerability. You can download the latest version from the official website or the GitHub repository.
CVE-2024-43399 is a high-severity vulnerability in MobSF versions up to 3.9.7 that allows attackers to extract files to arbitrary locations on the server due to an improperly implemented Zip Slip protection.
Yes, if you are using MobSF version 3.9.7 or earlier, you are affected by this vulnerability. Upgrade to version 4.0.7 or later to mitigate the risk.
The recommended fix is to upgrade MobSF to version 4.0.7 or later. If upgrading is not possible, restrict access to the Static Libraries analysis functionality and implement strict file system permissions.
While no active exploitation campaigns have been confirmed, the vulnerability's nature suggests a potential for exploitation, and it's crucial to apply the patch promptly.
Refer to the MobSF project's official channels, such as their GitHub repository or website, for the latest advisory and release notes regarding CVE-2024-43399.