Image Poisoning Vulnerability in OpenWrt's Image On Demand Server
CVE-2024-54143
Key Information:
- Vendor: OpenWrt
- CVE Published: 6 December 2024
What is CVE-2024-54143?
CVE-2024-54143 is a vulnerability in the image on demand server associated with OpenWrt-based distributions, specifically the openwrt/asu repository. The primary function of this product is to manage and serve firmware images to devices running OpenWrt, a popular open-source operating system for embedded devices. The vulnerability arises from the way the system hashes requests: it uses a SHA-256 hash truncated to only 12 characters. This reduction in entropy significantly increases the chances of collision attacks, where an attacker can manipulate the system to serve a malicious firmware image in place of a legitimate one. This can have serious security ramifications for organizations relying on OpenWrt, as it undermines the integrity of their firmware and can facilitate further exploits.
Technical Details
The vulnerability in CVE-2024-54143 stems from the request hashing mechanism employed by the image on demand server. Because the SHA-256 hashes are truncated, generating hash collisions becomes feasible. This means that an attacker can construct a malicious image in advance that matches the hash of a valid image and have it substituted during the serving process. Additionally, this vulnerability can be compounded by other weaknesses, such as command injection in Imagebuilder, where attackers can inject arbitrary commands into the build process, ultimately producing compromised firmware images that are signed with a legitimate build key. The vulnerability has been addressed in a subsequent patch.
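The effect of keying a build cache on a truncated request hash can be shown at toy scale. The following is an added example, not code from openwrt/asu or its patch: the request fields, the canonical JSON encoding and the `ArtifactCache` class are assumptions, and the 4-character key is deliberately tiny so a collision appears instantly. It compares a cache that trusts the truncated key with one that also checks the full digest, which is one possible mitigation and not necessarily the one the project adopted.

```python
import hashlib
import json

def full_digest(request: dict) -> str:
    # Canonical JSON so equal requests always hash the same (assumed encoding).
    blob = json.dumps(request, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def key_strength(hex_chars: int) -> dict:
    # Each hex character keeps 4 bits of the digest; work figures are rough bounds.
    bits = 4 * hex_chars
    return {"bits": bits, "birthday_work": 2 ** (bits // 2), "preimage_work": 2 ** bits}

class ArtifactCache:
    """Build cache keyed on the first `hex_chars` of the request digest."""
    def __init__(self, hex_chars: int, verify: bool):
        self.hex_chars, self.verify, self.store = hex_chars, verify, {}

    def put(self, request: dict, artifact: str) -> None:
        d = full_digest(request)
        self.store[d[: self.hex_chars]] = (d, artifact)

    def get(self, request: dict):
        d = full_digest(request)
        hit = self.store.get(d[: self.hex_chars])
        if hit is None:
            return None
        stored_digest, artifact = hit
        # Hardened path: a key match is not enough, the full digest must match.
        if self.verify and stored_digest != d:
            return None
        return artifact

def toy_colliding_requests(hex_chars: int = 4):
    # Constructed sample requests; 16-bit keys collide after a few hundred tries.
    seen = {}
    for i in range(2 ** (4 * hex_chars) + 1):
        req = {"profile": "constructed-board", "packages": [f"pkg{i}"]}
        key = full_digest(req)[:hex_chars]
        if key in seen:
            return seen[key], req
        seen[key] = req

def demo() -> dict:
    a, b = toy_colliding_requests()
    results = {}
    for name, verify in (("truncated_only", False), ("full_digest_checked", True)):
        cache = ArtifactCache(hex_chars=4, verify=verify)
        cache.put(a, "image-for-a")
        results[name] = cache.get(b)  # b was never built
    return results
```

`key_strength(12)` reports 48 bits for the 12-character key described above, against 256 bits for the untruncated digest.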
Impact of the Vulnerability
- Malicious Firmware Deployment: The most significant impact of CVE-2024-54143 is the ability for attackers to serve malicious firmware images to users. This manipulation could compromise the security and functionality of affected devices, enabling unauthorized access and control.
- Cache Poisoning: By poisoning the artifact cache, attackers can affect not just individual devices but potentially an entire network of OpenWrt devices. This widespread risk heightens concerns for organizations that depend on these systems for critical operations.
- Exploitation Risk: The nature of this vulnerability presents a considerable risk for exploitation in the wild. Attackers could leverage this flaw for further malicious activities, potentially integrating it into larger attacks that involve other critical vulnerabilities or other components of the network infrastructure. This multifaceted threat increases the urgency for organizations to address the vulnerability promptly.
News Articles
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
Critical OpenWrt flaw CVE-2024-54143 (CVSS 9.3) enables malicious firmware injection; update ASU now.
OpenWrt Sysupgrade flaw let hackers push malicious firmware images
A flaw in OpenWrt's Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages.
