
Warning: Critical Incorrect Implementation of Authentication Algorithm vulnerability in M-Files server versions before 24.11 using LDAP configurations that support anonymous binding, Patch Immediately!

Reference: Advisory #2024-273
Version: 1.0
Affected software: M-Files server versions before 24.11
Type: Incorrect Implementation of Authentication Algorithm vulnerability
CVE/CVSS: CVE-2024-10127 / CVSS: 9.2 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)


Sources

M-Files: https://www.m-files.com/

M-Files: https://product.m-files.com/cve-2024-10127/

Risks

M-Files server is a document management solution to organise and manage electronic documents.

A 9.2 critical vulnerability (CVE-2024-10127) exists in versions below 24.11 when they are combined with LDAP authentication against an LDAP server that supports anonymous binding (anonymous binding is not enabled by default in LDAP servers). If left unpatched, the affected software and data are exposed to low-complexity, network-reachable unauthorised access attacks that could have a high impact on confidentiality, integrity and/or availability.

There are no known proof-of-concept exploits or indications that this vulnerability is being actively exploited. The flaw is fixed in version 24.11.

Description

CVE-2024-10127 is of the Incorrect Implementation of Authentication Algorithm type. If exploited successfully on a configuration that uses LDAP authentication against an LDAP server that supports anonymous binding, the vulnerability allows a remote attacker to authenticate without a password.
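The advisory does not publish M-Files' internal logic, so the following is an added, hypothetical example (not the vendor's code) of the general bug class it describes: an LDAP simple bind with an empty password is an "unauthenticated" bind under RFC 4513, and a directory that permits anonymous access answers it with success, so an application that treats "bind succeeded" as proof of identity lets a caller in without a password. The directory is simulated in-process with constructed sample users; the hardened login shows the application-side check a defender wants in place regardless of the directory's anonymous-bind setting.

```python
# Added example: why application-side credential checks matter when the
# directory permits anonymous/unauthenticated binds. Hypothetical code,
# not M-Files' implementation; the LDAP server is simulated.
from dataclasses import dataclass


@dataclass
class SimulatedDirectory:
    """Stand-in for an LDAP server. 'allow_anonymous' mirrors the server-side
    setting the advisory calls 'anonymous binding' (off by default)."""
    users: dict            # dn -> password (constructed sample data)
    allow_anonymous: bool

    def simple_bind(self, dn: str, password: str) -> bool:
        # RFC 4513 section 5.1.2: a DN with an empty password is an
        # 'unauthenticated' bind; servers that permit anonymous access
        # return success even though no credential was verified.
        if password == "":
            return self.allow_anonymous
        return self.users.get(dn) == password


def login_weak(directory: SimulatedDirectory, dn: str, password: str) -> bool:
    """Vulnerable pattern: treats any successful bind as proof of identity."""
    return directory.simple_bind(dn, password)


def login_hardened(directory: SimulatedDirectory, dn: str, password: str) -> bool:
    """Hardened pattern: refuse empty or blank credentials before binding,
    so an anonymous-capable directory cannot be used to skip the password."""
    if not dn or not password or not password.strip():
        return False
    return directory.simple_bind(dn, password)


SAMPLE_DN = "cn=alice,dc=example,dc=org"          # constructed
SAMPLE_USERS = {SAMPLE_DN: "correct horse battery staple"}  # constructed


def demo() -> dict:
    strict = SimulatedDirectory(SAMPLE_USERS, allow_anonymous=False)
    lax = SimulatedDirectory(SAMPLE_USERS, allow_anonymous=True)
    return {
        "weak_on_strict_dir": login_weak(strict, SAMPLE_DN, ""),
        "weak_on_lax_dir": login_weak(lax, SAMPLE_DN, ""),
        "hardened_on_lax_dir": login_hardened(lax, SAMPLE_DN, ""),
        "hardened_valid_password": login_hardened(lax, SAMPLE_DN, SAMPLE_USERS[SAMPLE_DN]),
        "hardened_wrong_password": login_hardened(lax, SAMPLE_DN, "wrong"),
    }
```

Beyond patching, the same reasoning suggests confirming that the LDAP servers M-Files binds to actually reject anonymous binds, since that is the configuration the advisory names as the precondition.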

Recommended actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10127