WARNING: CRITICAL VULNERABILITY IN MOBILE SECURITY FRAMEWORK CAN LEAD TO REMOTE CODE EXECUTION, PATCH IMMEDIATELY!
CVE-2024-43399 / CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43399
Risks
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The vulnerability could allow an unauthenticated remote attacker to gain full control of the server on which the vulnerable MobSF instance is running.
A proof-of-concept is available, which allows attackers to perform the attack more easily.
Description
The software has a faulty implementation of its protection against Zip Slip, a path traversal during archive extraction in which an entry name containing "../" sequences (or an absolute path) escapes the intended output directory. The result is an arbitrary file write, which can be turned into Remote Code Execution.
When the application scans a malicious file with the ".a" extension, the archive entries can be extracted to any location on the server where the application is running. An attacker can thereby overwrite existing files on the server and subsequently achieve Remote Code Execution.
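The following added example (written for this advisory, not MobSF's own code) shows the Zip Slip pattern behind this class of bug: a minimal extractor that joins the destination with the untrusted entry name, beside a hardened one that resolves every entry against the extraction root before writing anything. The archives are constructed in memory; the entry names, the helper names and the "escaped.txt" payload are illustrative assumptions.

```python
"""Zip Slip demonstration: a traversal-trusting extractor beside a hardened one.
Added example, not MobSF code. Archive contents are constructed inline."""
import io
import os
import zipfile
from pathlib import Path
from typing import Dict, List


def build_zip(entries: Dict[str, str]) -> bytes:
    """Build an in-memory archive. zipfile keeps entry names exactly as given,
    including '../' and a leading '/', which is what an attacker relies on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples (not real malware): one benign entry plus one escape each.
TRAVERSAL_ZIP = build_zip({
    "lib/benign.txt": "harmless\n",
    "../../escaped.txt": "written two directories above the extraction dir\n",
})
ABSOLUTE_ZIP = build_zip({
    "lib/benign.txt": "harmless\n",
    "/abs/escaped.txt": "absolute entry name\n",
})


def extract_unsafe(data: bytes, dest: str) -> List[str]:
    """Vulnerable pattern: dest is joined with the untrusted entry name and
    nothing checks where the result lands. Returns the absolute path of every
    file written, so the escape is visible to the caller."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.normpath(os.path.join(dest, info.filename))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.abspath(target))
    return written


def zip_slip_entries(data: bytes, dest: str) -> List[str]:
    """Names of entries whose fully resolved path lands outside dest.
    Resolving both sides normalises '..', absolute names and symlinked parents;
    a plain string prefix check on the unresolved name is not enough."""
    root = Path(dest).resolve()
    bad = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            candidate = (root / name).resolve()
            if candidate != root and root not in candidate.parents:
                bad.append(name)
    return bad


def extract_safe(data: bytes, dest: str) -> List[str]:
    """Hardened extractor: validate every entry first, then write. The whole
    archive is refused on any escape, so nothing is partially extracted."""
    bad = zip_slip_entries(data, dest)
    if bad:
        raise ValueError(f"Zip Slip entries refused: {bad}")
    root = Path(dest).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = (root / info.filename).resolve()
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            # Every entry is written as a regular file; symlinks in the archive
            # are never recreated, which closes the symlink-then-write variant.
            target.write_bytes(zf.read(info))
            written.append(str(target.relative_to(root)))
    return written
```

Run `extract_unsafe(TRAVERSAL_ZIP, some_dir)` in a throwaway directory and the returned list shows `escaped.txt` two levels above `some_dir`; `extract_safe` raises before touching the disk. The check is done in a separate pass over all names on purpose: a single bad entry in the middle of an archive must not leave a half-extracted tree behind, and the same `zip_slip_entries` helper can be reused as an audit step on archives you do not intend to extract at all.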
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends updating vulnerable MobSF installations with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
GitHub: https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-4hh3-vj32-gr6j