SQL Injection Vulnerability in Apache Traffic Control
CVE-2024-45387

8.8HIGH

Key Information:

Vendor
Apache
Status
Apache Traffic Control
Vendor
CVE Published:
23 December 2024

Badges

šŸ“ˆ TrendedšŸ“ˆ Score: 2,870šŸ’° RansomwarešŸ‘¾ Exploit ExistsšŸŸ£ EPSS 14%šŸ“° News Worthy

What is CVE-2024-45387?

CVE-2024-45387 is a critical SQL injection vulnerability discovered in the Apache Traffic Control application, specifically within the Traffic Ops component. This vulnerability affects versions equal to or lower than 8.0.1 and allows privileged usersā€”those with admin, federation, operations, portal, or steering rolesā€”to execute arbitrary SQL commands against the database through crafted PUT requests. If exploited, this vulnerability can lead to unauthorized database access and manipulation, significantly endangering an organizationā€™s data integrity and security posture.

Technical Details

The vulnerability arises from improper handling of input in Apache Traffic Controlā€™s Traffic Ops, permitting a malicious privileged user to execute SQL commands outside of the intended usage context. This SQL injection could be triggered via specially formatted requests, enabling attackers to potentially extract sensitive data, alter database tables, or conduct other harmful database operations. Users of affected versions are advised to upgrade to Apache Traffic Control 8.0.2 to remediate this security issue.

Potential impact of CVE-2024-45387

  1. Data Breach: The ability to execute arbitrary SQL queries can lead to unauthorized access to sensitive information stored in the database, resulting in data breaches that could expose personally identifiable information (PII) and other confidential data.

  2. Database Manipulation: Attackers could exploit this vulnerability to modify or delete critical data within the database. Such actions can disrupt business operations, corrupt data integrity, and lead to significant downtime.

  3. Cascade of Attacks: Once an attacker gains access through compromised privileged accounts, they can leverage the access to escalate privileges further or pivot to different systems within the organization's network, leading to more extensive security incidents.

Affected Version(s)

Apache Traffic Control 8.0.0 <= 8.0.1

Apache Traffic Control 7.0.0 < 8.0.0

News Articles

favicon imageTheCyberThrone

TheCyberThrone Security Weekly Review ā€“ January 04, 2025

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 04, 2025. CVE-2024-56512 impacts Apache NiFi CVE-2024-56512 is a security vulnerability identified in Apache NiFi, specifically affec...

favicon imageTheCyberThrone

Exploit Code released for Apache Traffic Control Flaw CVE-2024-45387

What is CVE-2024-45387? CVE-2024-45387 is a critical vulnerability identified in Apache Traffic Control, specifically affecting the Traffic Ops module in versions 8.0.0 to 8.0.1. The nature of this vulnerability is an SQL injection flaw, which allows an attacker to inject and execute arbitrary SQL c...

favicon imageSecurity Affairs

Apache fixed a critical SQL Injection in Apache Traffic Control

Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked asĀ CVE-2024-45387, in Apache Traffic Control.

References

https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt...
vendor-advisory

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • šŸ“ˆ

    Vulnerability started trending

  • šŸ’°

    Used in Ransomware

  • šŸ‘¾

    Exploit known to exist

  • šŸ“°

    First article discovered by Cyber Security News

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yuan Luo from Tencent YunDing Security Lab
.