Vulnerability in Nuclei Vulnerability Scanner Affecting Signature Verification
CVE-2024-43405

7.8 HIGH

Key Information:

Vendor
Projectdiscovery
Status
Nuclei
Vendor
CVE Published:
4 September 2024

What is CVE-2024-43405?

CVE-2024-43405 is a vulnerability in Nuclei, a vulnerability scanner that uses template-driven scans to identify security issues in applications and infrastructure. It affects the template signature verification system and lets attackers bypass signature checks. An attacker who exploits this weakness could execute malicious code through custom templates, which poses a significant risk to organizations that use the software, especially where custom code templates from unverified sources are executed.

Technical Details

The vulnerability resides in the signer package of Nuclei, starting from version 3.0.0 and affecting all versions up to 3.3.2. The flaw arises from a mismatch between how newline characters are processed during signature verification and how they are processed during YAML parsing. Combined with the way multiple signatures are handled, this mismatch lets an attacker inject harmful content into a template while the signature over the legitimate part remains valid. Users who run such custom templates will find the malicious modification hard to detect, which increases the risk of exploitation.
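A pre-verification lint for the mismatch described above, added here as an example (it is not Nuclei's code or its fix): it flags a template that contains a carriage return outside a CRLF pair, or more than one signature line once every kind of line break is honoured. The `# digest:` prefix for signature lines and the names `Inspect` and `Finding` are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumption: a signature is a comment line that starts with "# digest:".
const sigPrefix = "# digest:"

// anyBreak matches every line break a YAML parser may honour: CRLF, LF or a lone CR.
var anyBreak = regexp.MustCompile(`\r\n|\n|\r`)

// Finding records why a template should be reviewed before it is trusted.
type Finding struct {
	LoneCR     bool // a CR outside a CRLF pair: LF-only and YAML line views disagree
	Signatures int  // signature lines counted under the YAML line view
}

// Suspicious reports whether the template needs manual review.
func (f Finding) Suspicious() bool { return f.LoneCR || f.Signatures > 1 }

// Inspect lints raw template bytes without parsing or executing them.
func Inspect(raw []byte) Finding {
	s := string(raw)
	var f Finding
	// After CRLF pairs are removed, any CR that is left stood alone.
	f.LoneCR = strings.Contains(strings.ReplaceAll(s, "\r\n", ""), "\r")
	for _, line := range anyBreak.Split(s, -1) {
		if strings.HasPrefix(strings.TrimSpace(line), sigPrefix) {
			f.Signatures++
		}
	}
	return f
}

func main() {
	// Constructed samples; the digest values are placeholders, not real signatures.
	samples := map[string]string{
		"clean":   "id: demo\ninfo:\n  name: demo\n# digest: PLACEHOLDER\n",
		"loneCR":  "id: demo\rinfo:\n  name: demo\n# digest: PLACEHOLDER\n",
		"twoSigs": "id: demo\n# digest: PLACEHOLDER-A\n# digest: PLACEHOLDER-B\n",
	}
	for name, t := range samples {
		f := Inspect([]byte(t))
		fmt.Printf("%-8s loneCR=%v signatures=%d suspicious=%v\n", name, f.LoneCR, f.Signatures, f.Suspicious())
	}
}
```

A check like this fits in CI or a pre-run hook for third-party templates; it complements upgrading Nuclei and does not replace it.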

Potential Impact of CVE-2024-43405

  1. Remote Code Execution: The most critical impact is the potential for remote code execution through maliciously crafted templates, allowing attackers to take control of affected systems.

  2. Compromise of Trusted Environments: If organizations utilize unverified custom templates, there is a risk that their trusted environments could be compromised without detection, leading to severe operational risks and data loss.

  3. Widespread Template Exploitation: The vulnerability affects CLI users and SDK integrations, meaning that a broad range of scenarios where Nuclei is used could be susceptible to exploitation, increasing the likelihood of aggressive attacks on vulnerable instances.

News Articles

Nuclei flaw allows signature bypass and code execution

A vulnerability in Nuclei, an open-source vulnerability scanner, could allow attackers to bypass signature checks and execute malicious code.

3 days ago

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

CVE-2024-43405 in Nuclei allows signature bypass, enabling arbitrary code execution. Update to version 3.3.7 for critical fixes.

4 days ago

A Signature Verification Bypass in Nuclei (CVE-2024-43405) | Wiz Blog

Wiz's engineering team discovered a high-severity signature verification bypass in Nuclei which could potentially lead to arbitrary code execution.

5 days ago

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability started trending

  • First article discovered by wiz.io

  • Vulnerability published

Collectors

NVD Database, 3 News Article(s)