CGSI identified active exploitation of CVE-2024-32113 in Apache OFBiz, with CVE-2024-45195 bypass activity amplifying exploitation attempts and Mirai botnet deployments observed. The report urges upgrading to 18.12.16+ and implementing mitigations to curb further abuse.
#Mirai #OFBiz
Key Points
- Vulnerability identified: CVE-2024-32113 is a critical path traversal flaw in Apache OFBiz.
- Exploitation detected: Active exploitation noted around September 4–7, 2024.
- Severity: CVSSv3.1 score of 9.1, rated Critical.
- Affected versions: Apache OFBiz versions before 18.12.13.
- Exploitation method: Attackers send crafted requests to execute arbitrary commands on the server.
- Mitigation: Upgrade to Apache OFBiz 18.12.16 or later; consider WAF and least-privilege controls.
- Additional threat: CVE-2024-45195 bypasses patches, increasing exploitation risk and enabling Mirai deployment.
MITRE Techniques
- [T1059] Command and Scripting Interpreter – Execution of arbitrary commands through crafted requests. Quote: ‘Execution of arbitrary commands through crafted requests.’
- [T1105] Ingress Tool Transfer – Mirai botnet deployment on compromised systems. Quote: ‘Deployment of the Mirai botnet on compromised systems.’
- [T1003] OS Credential Dumping – Unauthorized access to sensitive information through command execution. Quote: ‘Unauthorized access to sensitive information through command execution.’
Indicators of Compromise
- [IPv4] Malicious IP – 185.190.24.111
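The report recommends upgrading to 18.12.16 or later and names one malicious IP; the following Python script is an added example (not part of the report and not Apache OFBiz project code) that turns those two facts into a defender's check. It compares an installed OFBiz version string against the fixed release named above, and it scans web-server access-log lines for generic directory-traversal sequences (plain and URL-encoded) and for requests from the listed indicator. The log layout, the `/app/control/...` request paths and the sample log lines are constructed for this example; the traversal patterns are a generic detection rule, not the specific request the report describes.

```python
import re
from typing import Dict, List, Tuple

# Fixed release named in the report: Apache OFBiz 18.12.16 or later.
FIXED_VERSION: Tuple[int, int, int] = (18, 12, 16)

# Indicator of compromise listed in the report.
IOC_IPS = {"185.190.24.111"}

# Generic directory-traversal sequences (plain, URL-encoded and backslash forms).
# This is a hypothetical detection rule for the example, not the report's exploit details.
TRAVERSAL_RE = re.compile(
    r"(\.\./|\.\.\\|%2e%2e(?:/|%2f|%5c)|\.\.%2f|\.\.%5c)", re.IGNORECASE
)

# Assumed common access-log layout for this example:
# <ip> - - [<timestamp>] "<method> <path> <protocol>" <status> <bytes>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (not real traffic). Paths are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Sep/2024:10:00:01 +0000] "GET /app/control/main HTTP/1.1" 200 5120',
    '185.190.24.111 - - [05/Sep/2024:10:00:07 +0000] "POST /app/control/example/../placeholder HTTP/1.1" 200 812',
    '203.0.113.9 - - [06/Sep/2024:02:13:44 +0000] "GET /app/control/example/%2e%2e/placeholder HTTP/1.1" 404 0',
    '185.190.24.111 - - [07/Sep/2024:03:00:00 +0000] "GET /app/control/main HTTP/1.1" 200 5120',
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Extract numeric components, e.g. '18.12.16-SNAPSHOT' -> (18, 12, 16)."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    if not parts:
        raise ValueError(f"unrecognised version string: {version!r}")
    # Pad short strings such as '18.12' so they compare as '18.12.0'.
    return parts + (0,) * (3 - len(parts))


def is_vulnerable_version(version: str) -> bool:
    """True when the installed release is older than the fixed release."""
    return parse_version(version)[:3] < FIXED_VERSION


def analyze_log_line(line: str) -> Dict[str, object]:
    """Parse one access-log line and list why it is suspicious (if at all)."""
    m = LOG_RE.match(line)
    if not m:
        return {"ok": False, "reason": "unparsed"}
    path = m.group("path")
    reasons: List[str] = []
    if TRAVERSAL_RE.search(path):
        reasons.append("path-traversal")
    if m.group("ip") in IOC_IPS:
        reasons.append("ioc-ip")
    return {
        "ok": True,
        "ip": m.group("ip"),
        "path": path,
        "status": int(m.group("status")),
        "reasons": reasons,
    }


def scan_log(lines: List[str]) -> List[Dict[str, object]]:
    """Return only the parsed lines that triggered at least one reason."""
    results = (analyze_log_line(line) for line in lines)
    return [r for r in results if r.get("ok") and r["reasons"]]


if __name__ == "__main__":
    for v in ("18.12.13", "18.12.16"):
        print(f"{v}: {'vulnerable' if is_vulnerable_version(v) else 'fixed'}")
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['ip']} {finding['path']} -> {', '.join(finding['reasons'])}")
```

Run against the constructed sample, the scan flags the two requests from the listed IP (one of them also carrying a traversal sequence) and the encoded traversal from the third address, while the plain `/app/control/main` request from 10.0.0.5 passes. Checking the version and the traffic separately matters because the report notes that CVE-2024-45195 bypasses earlier patches: a host on 18.12.13 through 18.12.15 is still reported as exposed even though it is past the version range in the "Affected versions" line.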