Attackers are actively exploiting a recently disclosed critical vulnerability in Apache HugeGraph-Server that can lead to remote code execution. Tracked as CVE-2024-27348 and rated 9.8 on the CVSS scale, the vulnerability affects all versions of the software before 1.3.0. It is described as a remote command execution flaw in the Gremlin graph traversal language API.
In late April 2024 the Apache Software Foundation advised users to upgrade to version 1.3.0 with Java 11 and to enable the authentication system, which eliminates the problem. It also recommended turning on the "Whitelist-IP/Port" function to improve the security of the RESTful API.
In early June, penetration-testing firm SecureLayer7 published additional technical details about the vulnerability, stating that it allows attackers to bypass sandbox restrictions and execute code, gaining full control of a vulnerable server.
This week the Shadowserver Foundation reported that it has observed exploitation attempts in the wild, which makes patching especially urgent.
"We are observing exploitation attempts of the Apache HugeGraph-Server vulnerability CVE-2024-27348 via 'POST /gremlin' from multiple sources," Shadowserver said. "PoC code has been available since early June. If you use HugeGraph, make sure to update."
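As a practical check for the exploitation pattern Shadowserver describes, the following Python script, an added example that is not part of the original article or of the HugeGraph project, scans access logs for POST requests to the Gremlin API from sources outside an allow-list and separates probes that were rejected from requests the server actually accepted. It assumes HugeGraph-Server sits behind a reverse proxy that writes combined-format access logs and that the Gremlin API is served at the default /gremlin path; the sample log lines, the allow-list and the function names are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Combined/common access-log line as written by a reverse proxy (nginx or Apache httpd)
# fronting HugeGraph-Server. Assumption: the Gremlin API is served at /gremlin, the path
# Shadowserver reported the exploitation attempts hitting.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

GREMLIN_PATHS = ("/gremlin",)


def parse_line(line):
    """Parse one access-log line into a dict; return None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_allowed(ip, allowed_sources):
    """True if ip falls inside any allow-listed network (the 'Whitelist-IP' idea)."""
    addr = ip_address(ip)
    return any(addr in ip_network(net) for net in allowed_sources)


def find_gremlin_posts(lines, allowed_sources):
    """Count POSTs to the Gremlin API from IPs outside the allow-list.

    Returns a list of (ip, total_posts, accepted_2xx) sorted by volume. A 2xx from an
    unexpected source means the server accepted the submitted script for execution,
    which on an unpatched instance warrants incident handling rather than just blocking.
    """
    totals, accepted = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["path"].split("?", 1)[0] not in GREMLIN_PATHS:
            continue
        if is_allowed(rec["ip"], allowed_sources):
            continue
        totals[rec["ip"]] += 1
        if 200 <= rec["status"] < 300:
            accepted[rec["ip"]] += 1
    return sorted(((ip, totals[ip], accepted[ip]) for ip in totals), key=lambda t: -t[1])


# Constructed sample lines (not real traffic): one allow-listed client and two unknown sources.
SAMPLE_LOG = """\
10.0.0.7 - - [21/Jun/2024:10:15:32 +0000] "POST /gremlin HTTP/1.1" 200 512 "-" "curl/8.4.0"
203.0.113.5 - - [21/Jun/2024:10:16:01 +0000] "POST /gremlin HTTP/1.1" 200 2048 "-" "python-requests/2.31"
203.0.113.5 - - [21/Jun/2024:10:16:03 +0000] "POST /gremlin HTTP/1.1" 200 2048 "-" "python-requests/2.31"
198.51.100.9 - - [21/Jun/2024:10:17:45 +0000] "POST /gremlin HTTP/1.1" 401 0 "-" "Go-http-client/1.1"
198.51.100.9 - - [21/Jun/2024:10:17:46 +0000] "GET /graphs HTTP/1.1" 401 0 "-" "Go-http-client/1.1"
this line is not an access log entry
"""

# Hypothetical allow-list of networks that legitimately submit Gremlin scripts.
ALLOWED = ("10.0.0.0/8",)

if __name__ == "__main__":
    for ip, total, ok in find_gremlin_posts(SAMPLE_LOG.splitlines(), ALLOWED):
        print(f"{ip}: {total} POST /gremlin, {ok} accepted (2xx)")
```

The distinction between rejected and accepted requests matters: on a server that never had authentication enabled, every POST to /gremlin from an unknown source will show a 2xx, so a single hit should be treated as a possible compromise rather than a blocked probe.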
In recent years, vulnerabilities in Apache projects have become favored entry points for both state-sponsored and financially motivated attackers. Flaws in products such as Log4j, ActiveMQ and RocketMQ have long been heavily exploited to break into target environments.
A vulnerability can be exploited by attackers for years after a fix is released. The key task for security teams is therefore not just to know about patches, but to apply all security updates quickly and systematically. Delay leaves the digital doors open to attack and creates persistent risk. Timely patching is no longer a luxury but a hard necessity.