
WARNING: CRITICAL VULNERABILITY IN MOBILE SECURITY FRAMEWORK CAN LEAD TO REMOTE CODE EXECUTION, PATCH IMMEDIATELY!

Reference: Advisory #2024-211
Version: 1.0
Affected software: Mobile Security Framework (MobSF) before version 4.0.7
Type: Zip Slip (arbitrary file overwrite that can result in Remote Code Execution) vulnerability
CVE/CVSS: CVE-2024-43399 / CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43399

Risks

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The vulnerability could allow an attacker to gain full control of the server that the vulnerable application is running on. The attack can be achieved remotely.

A proof-of-concept is available, which allows attackers to perform the attack more easily.

Description

The check that is meant to prevent Zip Slip attacks is implemented incorrectly. In a Zip Slip attack, an archive member carries a name containing path traversal sequences (such as "../"), so that a naive extractor writes it outside the intended extraction directory; the result is an arbitrary file overwrite that can lead to Remote Code Execution.

When the application scans a malicious file with the ".a" extension, it allows members of that archive to be extracted to any location on the server where the application is running. This can overwrite any existing file that the MobSF process has write access to and subsequently lead to Remote Code Execution.
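The following is an added example to illustrate the Description above; it is not MobSF's code and does not reproduce the actual flaw in MobSF. It builds a tiny ".a" (ar) archive in memory with a constructed "../evil.txt" member, extracts it once with a naive extractor (os.path.join on the untrusted member name) and once with a hardened extractor that resolves every target path and rejects anything that does not stay under the destination directory. The minimal ar builder/parser, the function names and the sample member names are assumptions made for this example.

```python
import io
import os
import tempfile

AR_MAGIC = b"!<arch>\n"


def build_ar(members):
    """Build a minimal ar archive in memory (constructed helper for this example).

    Each member is a 60-byte header followed by the data, padded to 2 bytes.
    Long-name extensions of real ar tools are deliberately not supported.
    """
    out = io.BytesIO()
    out.write(AR_MAGIC)
    for name, data in members:
        if len(name) > 16:
            raise ValueError("toy builder: names longer than 16 bytes not supported")
        header = (
            name.encode().ljust(16)           # member name
            + b"0".ljust(12)                  # mtime
            + b"0".ljust(6)                   # uid
            + b"0".ljust(6)                   # gid
            + b"100644".ljust(8)              # mode
            + str(len(data)).encode().ljust(10)  # size
            + b"`\n"                          # header terminator
        )
        out.write(header)
        out.write(data)
        if len(data) % 2:
            out.write(b"\n")
    return out.getvalue()


def iter_ar(blob):
    """Yield (name, data) for each member; the name is untrusted input."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad member header")
        name = hdr[0:16].decode().rstrip(" ").rstrip("/")
        size = int(hdr[48:58].decode().strip())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)


def extract_unsafe(blob, dest):
    """Zip Slip-prone extraction: the member name is joined onto dest unchecked."""
    written = []
    for name, data in iter_ar(blob):
        target = os.path.join(dest, name)      # "../" in name escapes dest
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as f:
            f.write(data)
        written.append(os.path.realpath(target))
    return written


def is_within(base, target):
    """True only if target, fully resolved, lies inside the resolved base directory.

    commonpath (rather than startswith) also rejects sibling directories
    such as /srv/out2 when base is /srv/out.
    """
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def extract_safe(blob, dest):
    """Hardened extraction: absolute names and names resolving outside dest are skipped."""
    dest = os.path.realpath(dest)
    written, skipped = [], []
    for name, data in iter_ar(blob):
        target = os.path.join(dest, name)
        if not name or os.path.isabs(name) or not is_within(dest, target):
            skipped.append(name)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as f:
            f.write(data)
        written.append(target)
    return written, skipped


def demo():
    """Run both extractors on a constructed malicious archive inside a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        dest = os.path.join(root, "extract")
        os.makedirs(dest)
        evil = build_ar([
            ("good.o", b"object code"),
            ("../evil.txt", b"overwritten"),   # constructed Zip Slip member
        ])
        escaped = [p for p in extract_unsafe(evil, dest) if not is_within(dest, p)]
        _, skipped = extract_safe(evil, dest)
        return {
            "unsafe_escaped": [os.path.relpath(p, root) for p in escaped],
            "safe_skipped": skipped,
        }


if __name__ == "__main__":
    print(demo())
```

The decisive difference is that the hardened version decides on the resolved path (os.path.realpath on both sides, then a commonpath comparison), not on the member name as written in the archive; checks that only look for "../" in the name miss encoded or symlink-based variants, while a resolved-path comparison holds regardless of how the traversal was spelled.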

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable installations with the highest priority, after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

GitHub: https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-4hh3-vj32-gr6j