#VU100517 Improper privilege management in Apache CloudStack - CVE-2024-50386

Cybersecurity Help s.r.o.

Published: 2024-11-15

Vulnerability identifier: #VU100517

Vulnerability risk: High

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber]

CVE-ID: CVE-2024-50386

CWE-ID: CWE-269

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache CloudStack
Server applications / Other server solutions

Vendor: Apache Foundation

Description

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due the application allows users to register templates to be downloaded directly to the primary storage for deploying instances however does not perform validation checks for KVM-compatible templates. A remote user who can register such templates can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Apache CloudStack: 4.0.2, 4.1.0 - 4.19.1.2, 4.2.0 - 4.2.1, 4.3.0 - 4.3.2, 4.4.0 - 4.4.4, 4.5.1 - 4.5.2.2, 4.6.0 - 4.6.2.1, 4.7.0 - 4.7.1.1, 4.8.0 - 4.8.2.0, 4.9.0 - 4.9.3.1

External links
https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.5-4.19.1.3
https://lists.apache.org/thread/d0x83c2cyglzzdw8csbop7mj7h83z95y
https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-5-and-4-19-1-3/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Remote code execution in Apache CloudStack