Monday, October 14, 2024

Apache HugeGraph-Server Vulnerability Actively Exploited, CISA Warns Users to Patch Immediately


The United States Cybersecurity and Infrastructure Security Agency (CISA) has raised an alert regarding a severe vulnerability in the Apache HugeGraph-Server.

This flaw, which has now been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, is reportedly being actively exploited by cybercriminals.

The vulnerability, identified as CVE-2024-27348, was patched several months ago in April, but it remains a significant threat to systems that haven’t been updated yet.

Critical Security Threat for Users of Apache HugeGraph

The vulnerability is a Remote Code Execution (RCE) flaw, specifically within the Gremlin graph traversal language API, which is an integral part of the Apache HugeGraph-Server.

With a severity score of 9.8, this bug poses a major security risk to systems running versions of HugeGraph prior to 1.3.0.

In essence, it allows malicious actors to execute arbitrary commands on affected servers remotely, putting critical data and system functionality at risk.

The flaw was disclosed months ago, and the patch was made available in April. However, its continued exploitation highlights that many organisations are yet to apply the necessary updates, leaving their systems exposed to potential attacks.

Federal Agencies Must Act Before October 9

In response to the active exploitation of this vulnerability, CISA has mandated that federal agencies install the patch for Apache HugeGraph-Server before October 9, 2024.

Failure to comply with this deadline could result in agencies being forced to discontinue the use of this graph database solution entirely.

CISA’s inclusion of the flaw in its KEV catalog indicates that the vulnerability is a serious threat and has been actively targeted in real-world cyberattacks.

While this warning is primarily aimed at federal agencies, private organisations using Apache HugeGraph should also heed the alert and ensure their systems are patched and protected.

Enhancing Security: Best Practices

In addition to applying the available patch, users of Apache HugeGraph-Server are advised to follow several best practices to enhance the security of their systems.

  1. Upgrade to Java 11: Users should ensure they are running Java 11 for improved security and compatibility.
  2. Enable the Authentication System: Turning on the Auth system adds an extra layer of security by requiring proper credentials to access the HugeGraph-Server.
  3. Activate the Whitelist-IP/Port Function: This feature restricts which IP addresses and ports can access the server, thereby strengthening the security of the RESTful-API execution.

These measures, when implemented alongside the patch, can significantly reduce the risk of exploitation.
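The first step in the list, confirming that every HugeGraph-Server instance is at 1.3.0 or later, is easy to get wrong across a fleet when versions carry suffixes such as `-SNAPSHOT`. The script below is an added example, not code from the article or the HugeGraph project: it parses constructed `GET /versions` responses (the endpoint and its `versions.core` field layout are assumed here) and flags any server still on a pre-1.3.0 core as needing the patch.

```python
import json
import re
from typing import Dict, Optional, Tuple

# CVE-2024-27348 is fixed in HugeGraph-Server 1.3.0 (per the advisory above).
FIXED_VERSION: Tuple[int, int, int] = (1, 3, 0)

# Constructed sample bodies, shaped like what a HugeGraph-Server "GET /versions"
# call is assumed to return. Neither the endpoint nor these values come from the article.
SAMPLE_RESPONSES: Dict[str, str] = {
    "graph-a": '{"versions": {"version": "v1", "core": "1.2.0", "gremlin": "3.4.3", "api": "0.69.0"}}',
    "graph-b": '{"versions": {"version": "v1", "core": "1.3.0", "gremlin": "3.5.1", "api": "0.71.0"}}',
    "graph-c": '{"versions": {"version": "v1", "core": "1.0.0-SNAPSHOT", "gremlin": "3.4.3"}}',
}


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract a (major, minor, patch) triple; a missing patch counts as 0 and
    trailing qualifiers such as '-SNAPSHOT' or '-rc1' are ignored."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable(core_version: str) -> bool:
    """True when the reported core version predates the 1.3.0 fix."""
    v = parse_version(core_version)
    if v is None:
        raise ValueError(f"unparseable version: {core_version!r}")
    return v < FIXED_VERSION


def audit(responses: Dict[str, str]) -> Dict[str, str]:
    """Map each server label to PATCH (pre-1.3.0), OK (1.3.0+) or UNKNOWN
    (malformed body or version), so nothing silently passes."""
    results: Dict[str, str] = {}
    for name, body in responses.items():
        try:
            core = json.loads(body)["versions"]["core"]
            results[name] = "PATCH" if is_vulnerable(core) else "OK"
        except (KeyError, TypeError, ValueError):
            # json.JSONDecodeError is a ValueError subclass, so it lands here too.
            results[name] = "UNKNOWN"
    return results


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RESPONSES).items():
        print(f"{name}: {verdict}")
```

Treat UNKNOWN results as findings to chase down by hand rather than as passes.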

Public Exploits and Active Threat

The security flaw gained wider attention in mid-July 2024 when the Shadowserver Foundation reported signs of active exploitation.

They revealed that proof-of-concept (PoC) code for this vulnerability had been made publicly available in early June, making it easier for cybercriminals to target vulnerable systems.

At the time, the Shadowserver Foundation strongly advised HugeGraph users to update their systems immediately to mitigate potential damage.

Apache HugeGraph, an open-source graph database system, is used to store and query large-scale graph data, including billions of vertices and edges.

It supports the Apache TinkerPop3 framework and is compatible with the Gremlin query language, allowing users to run complex graph-based queries and analyses.

Other Vulnerabilities Added to CISA’s KEV Catalog

Apart from the Apache HugeGraph-Server flaw, CISA has also added four other vulnerabilities to its KEV catalog.

  1. CVE-2020-0618: A remote code execution vulnerability in Microsoft SQL Server Reporting Services.
  2. CVE-2019-1069: A privilege escalation vulnerability in Microsoft Windows Task Scheduler.
  3. CVE-2022-21445: A remote code execution vulnerability in Oracle JDeveloper.
  4. CVE-2020-14644: A remote code execution vulnerability in Oracle WebLogic Server.

It’s important to note that the addition of these vulnerabilities to the KEV catalog doesn’t necessarily imply that they are currently being exploited, but it confirms that they were actively targeted in the past.

Emily Parker