CVE-2024-9313
Published: Oct 3, 2024 / Updated: 47d ago

CVSS 8.8 / EPSS 0.04% / High

Summary

A vulnerability in the Authd PAM module versions prior to 0.3.5 allows broker-managed users to impersonate any other user managed by the same broker. This impersonation can be used to perform any PAM operation, including authentication, as the impersonated user.

Impact

This vulnerability has a high severity impact with a CVSS score of 8.8. Attackers with low privileges can exploit this flaw to gain unauthorized access to user accounts managed by the same broker. This can lead to:

1. Unauthorized authentication: Malicious users can log in as other users without knowing their credentials.
2. Privilege escalation: Lower-privileged users could potentially impersonate users with higher privileges.
3. Data breach: Confidential information belonging to impersonated users could be accessed and exfiltrated.
4. System compromise: Depending on the impersonated user's permissions, attackers could potentially gain control over critical system functions.

The vulnerability affects all three main aspects of information security: confidentiality, integrity, and availability.

Exploitation

There is no evidence that a public proof-of-concept exists, and there is no evidence of exploitation in the wild at the moment.

Patch

A patch is available. The vulnerability has been fixed in Authd PAM module version 0.3.5. Users should upgrade to this version or later to mitigate the risk.

Mitigation

1. Immediate patching: Upgrade the Authd PAM module to version 0.3.5 or later as soon as possible.
2. Access control review: Conduct a thorough review of user access rights and permissions, especially for broker-managed users.
3. Monitoring: Implement enhanced monitoring for authentication attempts and user activities, particularly for broker-managed accounts.
4. Least privilege principle: Ensure that all users, especially those managed by brokers, have only the minimum necessary permissions.
5. Multi-factor authentication: If not already in place, consider implementing multi-factor authentication to add an extra layer of security.
6. Audit logs: Review and analyze authentication logs for any suspicious activities that might indicate exploitation of this vulnerability.
7. Network segmentation: If possible, isolate systems using the affected Authd PAM module until patching can be completed.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9313

Oct 3, 2024 at 11:15 AM
CVSS

A CVSS base score of 8.8 has been assigned.

Oct 3, 2024 at 11:20 AM / nvd
First Article

Feedly found the first article mentioning CVE-2024-9313. See article

Oct 3, 2024 at 11:24 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 3, 2024 at 11:24 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.6%)

Oct 4, 2024 at 9:41 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (757378)

Nov 5, 2024 at 7:53 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (210390)

Nov 6, 2024 at 12:15 PM
Static CVE Timeline Graph

Affected Systems

Teether/authd

News

SUSE SLES15 / openSUSE 15 Security Update : govulncheck-vulndb (SUSE-SU-2024:3911-1)
The remote SUSE host is missing one or more security updates. The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3911-1 advisory.
suse_linux SUSE-SU-2024:3911-1: SUSE SLES15 / openSUSE 15 : Security update for govulncheck-vulndb (Important) (SUSE-SU-2024:3911-1)
Testing Last Updated: 11/6/2024 CVEs: CVE-2024-49757 , CVE-2024-47182 , CVE-2024-8037 , CVE-2024-47827 , CVE-2024-8996 , CVE-2024-9264 , CVE-2024-47003 , CVE-2024-33662 , CVE-2024-47067 , CVE-2024-9180 , CVE-2024-49753 , CVE-2024-8038 , CVE-2024-9407 , CVE-2024-48921 , CVE-2024-47877 , CVE-2024-10214 , CVE-2023-32197 , CVE-2024-47832 , CVE-2024-8901 , CVE-2024-39223 , CVE-2024-9355 , CVE-2024-9313 , CVE-2024-8975 , CVE-2024-9341 , CVE-2024-36814 , CVE-2024-49381 , CVE-2024-22036 , CVE-2024-9486 , CVE-2024-47825 , CVE-2024-7558 , CVE-2023-22644 , CVE-2024-9594 , CVE-2024-47616 , CVE-2024-10241 , CVE-2024-49380 , CVE-2022-45157 , CVE-2024-38365 , CVE-2024-47534 , CVE-2024-48909 , CVE-2024-9312 , CVE-2024-7594 , CVE-2024-22030 , CVE-2024-9675 , CVE-2024-50312
Security: Multiple issues in govulncheck-vulndb (SUSE)
* SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE: 2024:3911-1 important: govulncheck-vulndb Security Advisory Updates
* jsc#PED-11136 Cross-References: * CVE-2022-45157 * CVE-2023-22644
openSUSE: 2024:3911-1: important: govulncheck-vulndb Security Advisory Update
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20241030T212825 2024-10-30T21:28:25Z ( jsc#PED-11136 )

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
