CVE-2024-9050

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Oct 22, 2024 / Updated: 28d ago

CVSS 7.8 | EPSS 0.05% | High

A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration supplied by a local unprivileged user. The configuration uses a key-value format, and the plugin fails to escape special characters in it, leading the application to interpret values as keys. One of the most critical parameters that a malicious user could abuse is the `leftupdown` key. This key takes an executable command as its value and specifies the callback that NetworkManager-libreswan runs to pass configuration settings back to NetworkManager. Because NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root on the targeted machine.
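The class of bug described above, shown as an added example that is not the plugin's code or its fix: an unchecked key-value writer beside a strict one that rejects line-breaking characters and non-allowlisted keys. The file layout, the allowlist, the function names and the sample values are assumptions constructed for illustration.

```python
import re

# Assumption: a line-oriented " key=value" file, one setting per line.
# Control characters (CR/LF included) and double quotes can end or
# restructure a line, so they are never allowed inside a value.
UNSAFE_CHARS = re.compile(r'[\x00-\x1f\x7f"]')

# Hypothetical allowlist of keys a user may set. `leftupdown` is left out
# on purpose: the page describes it as the plugin's own callback setting.
USER_KEYS = frozenset({"right", "rightid", "leftid"})


class UnsafeSetting(ValueError):
    """A key or value that must not be written to the config file."""


def render_naive(settings):
    """Flawed pattern: values are copied into the file unchecked."""
    return "".join(f" {k}={v}\n" for k, v in settings.items())


def render_strict(settings, allowed=USER_KEYS):
    """Reject unknown keys and any value that could break out of its line."""
    out = []
    for key, value in settings.items():
        if key not in allowed:
            raise UnsafeSetting(f"key not allowed: {key!r}")
        if UNSAFE_CHARS.search(value):
            raise UnsafeSetting(f"unsafe character in value of {key!r}")
        out.append(f' {key}="{value}"\n')
    return "".join(out)


def keys_seen(rendered):
    """Keys a line-by-line reader of the rendered file would find."""
    return [ln.strip().split("=", 1)[0]
            for ln in rendered.splitlines() if "=" in ln]


# Constructed input: the value smuggles a second line with a placeholder key.
CRAFTED = {"right": "vpn.example.test\n injected-key=placeholder"}
CLEAN = {"right": "vpn.example.test", "leftid": "@client"}

if __name__ == "__main__":
    print(keys_seen(render_naive(CRAFTED)))   # the extra key appears
    print(keys_seen(render_strict(CLEAN)))
    try:
        render_strict(CRAFTED)
    except UnsafeSetting as exc:
        print("rejected:", exc)
```

Rejecting the value outright, rather than trying to escape it, keeps the writer correct even if the reader's quoting rules differ from what the writer assumes.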

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (244563)

Oct 22, 2024 at 7:53 AM
Vendor Advisory

Red Hat released a security advisory (RHSA-2024:8312).

Oct 22, 2024 at 8:00 AM
Vendor Advisory

Red Hat released a CVE advisory (CVE-2024-9050).

Oct 22, 2024 at 12:15 PM
CVSS

A CVSS base score of 7.8 has been assigned.

Oct 22, 2024 at 12:15 PM / redhat-cve-advisories
First Article

Feedly found the first article mentioning CVE-2024-9050.

Oct 22, 2024 at 12:18 PM / Red Hat CVE Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 22, 2024 at 12:18 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 22, 2024 at 1:11 PM
CVE Assignment

NVD published the first details for CVE-2024-9050

Oct 22, 2024 at 1:15 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (209523)

Oct 22, 2024 at 11:15 PM

Affected Systems

Libreswan/libreswan

Patches

bugzilla.redhat.com

Attack Patterns

CAPEC-242: Code Injection

Vendor Advisory

CVE-2024-9050
As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine. A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user.

News

Oracle Linux 9 : NetworkManager-libreswan (ELSA-2024-9555)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9555 advisory. The remote Oracle Linux host is missing a security update.
Fedora 41 : NetworkManager-libreswan (2024-2e8944621e)
The remote Fedora host is missing one or more security updates. The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-2e8944621e advisory.
Red Hat Enterprise Linux 9 update for NetworkManager-libreswan
No. This vulnerability can be exploited locally. This security bulletin contains one low risk vulnerability.
RHSA-2024:9556: Important: NetworkManager-libreswan security update
An update for NetworkManager-libreswan is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
RHSA-2024:9555: Important: NetworkManager-libreswan security update
An update for NetworkManager-libreswan is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
