CVE-2024-45802

Improper Input Validation (CWE-20)

Published: Oct 28, 2024 / Updated: 22d ago

CVSS 7.5 / EPSS 0.04% / High

Summary

Squid, an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more, is vulnerable to Denial of Service attacks. This vulnerability is due to Improper Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs. The vulnerability allows a trusted server to launch attacks against all clients using the proxy.

Impact

This vulnerability can lead to a Denial of Service (DoS) attack, which could significantly impact the availability of the Squid proxy service. In a DoS scenario, legitimate clients using the affected Squid proxy may experience service disruptions or complete loss of access to web resources. This could potentially affect a large number of users if the vulnerable proxy is widely used within an organization.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation in the wild at the moment.

Patch

A patch is available. This vulnerability has been fixed in the default build configuration of Squid version 6.10.

Mitigation

1. Update Squid to version 6.10 or later, which contains the fix for this vulnerability in its default build configuration.
2. If immediate updating is not possible, consider implementing additional network security measures to restrict access to the Squid proxy from untrusted servers.
3. Monitor proxy logs for any unusual activity or signs of exploitation attempts.
4. Consider implementing rate limiting or other traffic management techniques to mitigate the impact of potential DoS attacks.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-45802

Oct 28, 2024 at 3:15 PM
CVSS

A CVSS base score of 7.5 has been assigned.

Oct 28, 2024 at 3:20 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-45802.

Oct 28, 2024 at 3:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 28, 2024 at 3:24 PM
Vendor Advisory

RedHat CVE advisory released a security advisory (CVE-2024-45802).

Oct 28, 2024 at 3:30 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.9%)

Oct 29, 2024 at 9:43 AM
Threat Intelligence Report

CVE-2024-45802 is a high-severity Denial-of-Service vulnerability in the Squid caching proxy server, with a CVSS score of 7.5, affecting versions 3.0 through 6.9 when the Edge Side Includes (ESI) feature is enabled, as well as Squid 6.10 and newer if ESI is manually re-enabled. Currently, there are no proof-of-concept exploits available, and the vulnerability has not been actively exploited in the wild, with no specific threat actors targeting it. Organizations using Squid Proxy servers should ensure they have updated to version 6.10 or later and left ESI disabled, as it is by default in that version, to mitigate potential service disruptions that could impact their vendor networks.

Nov 8, 2024 at 3:30 PM
Vendor Advisory

RedHat released a security advisory (RHSA-2024:9625).

Nov 14, 2024 at 8:00 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (942166)

Nov 15, 2024 at 7:53 AM

Affected Systems

Squid-cache/squid

Patches

bugzilla.redhat.com

Links to Mitre Att&cks

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

Vendor Advisory

CVE-2024-45802
Red Hat Enterprise Linux 7 - squid - Under investigation
Red Hat Enterprise Linux 9 - squid - Under investigation

References

FOCUS FRIDAY: TPRM INSIGHTS ON LITESPEED CACHE, RICOH WEB IMAGE MONITOR, SQUID PROXY, AND XLIGHT FTP VULNERABILITIES WITH BLACK KITE’S FOCUSTAGS™
Black Kite’s FocusTag™ for CVE-2024-47939 was published on November 4, 2024, equipping TPRM professionals with actionable intelligence to identify and assess vendors utilizing vulnerable Ricoh printers and MFPs. By leveraging Black Kite’s platform, organizations can precisely filter and target vendors that operate affected Ricoh devices, thereby streamlining their risk assessment and mitigation processes. Have you configured firewall rules to block unauthorized IPs from accessing the device and limited access to the Web Image Monitor to trusted networks only to prevent potential exploitation of CVE-2024-47939?

News

Oracle Linux 9 : squid (ELSA-2024-9625)
Nessus Plugin ID 211610 with High Severity
Synopsis: The remote Oracle Linux host is missing a security update.
Description: The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-9625 advisory.
- Resolves: RHEL-65076 - CVE-2024-45802 squid: Denial of Service processing ESI response content
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution: Update the affected squid package.
Read more at https://www.tenable.com/plugins/nessus/211610
RockyLinux 8 : squid:4 (RLSA-2024:9644)
Nessus Plugin ID 211593 with High Severity
Synopsis: The remote RockyLinux host is missing one or more security updates.
Description: The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9644 advisory.
* squid: vulnerable to a Denial of Service attack against Cache Manager error responses (CVE-2024-23638)
* squid: Denial of Service processing ESI response content (CVE-2024-45802)
Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution: Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/211593
rocky_linux RLSA-2024:9644: RLSA-2024:9644: squid:4 security update (Important)
Released / Last Updated: 11/19/2024
CVEs: CVE-2024-45802, CVE-2024-23638
Plugins: 211593
KRB5, Python, Libvirt, and more updates for AlmaLinux
The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-9452.html
Red Hat Security Advisory 2024-9624-03
Red Hat Security Advisory 2024-9624-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a denial of service vulnerability.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability Impact: High
