FOCUS MODE
EXTRACT IOC
Cyber Attack

TrueNAS CORE Vulnerability Allows Unauthenticated Attacks

Cyware

Cyberattack Disrupts Online Services at Sarapu Town Hall

Summary: A critical vulnerability (CVE-2024-11944) has been discovered in TrueNAS CORE, allowing remote code execution without authentication. This flaw poses significant risks, including data exfiltration and device compromise, necessitating immediate updates for users.

Threat Actor: Malicious actors | malicious actors
Victim: TrueNAS users | TrueNAS users

Key Point :

  • Vulnerability allows remote code execution due to inadequate validation of user-supplied paths.
  • Attackers can exploit this flaw without prior authentication, targeting network-adjacent devices.
  • Consequences include data exfiltration, device compromise, and service disruption.
  • Identified by security researchers from Computest Sector 7.
  • Users are urged to update to TrueNAS CORE 13.0-U6.3 to mitigate risks.

A critical vulnerability has been uncovered in TrueNAS CORE, the popular open-source network-attached storage (NAS) operating system. Tracked as CVE-2024-11944 and assigned a CVSS score of 7.5, this security flaw could allow malicious actors to remotely execute code on vulnerable TrueNAS devices without authentication.

The flaw resides in the tarfile.extractall method used in file operations. Specifically, the issue stems from inadequate validation of user-supplied paths. By exploiting this vulnerability, attackers can craft a malicious archive that, when processed, allows them to traverse the file system and write files to unintended locations. This can be leveraged to execute arbitrary code with root-level privileges.

Since the attack does not require prior authentication, network-adjacent attackers—those on the same network or able to access the device—can exploit the vulnerability. Once exploited, the attacker could potentially gain full control of the affected NAS, leading to severe consequences such as:

  • Data Exfiltration: Unauthorized access to sensitive stored files.
  • Device Compromise: Installation of backdoors or other malicious software.
  • Service Disruption: Corruption or deletion of critical system files.

This vulnerability was identified by Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7, a renowned security research team.

The CVE-2024-11944 vulnerability has been addressed in TrueNAS CORE 13.0-U6.3, and users are strongly urged to update their installations immediately to protect against potential exploitation.

Related Posts:

Source:
https://securityonline.info/cve-2024-11944-truenas-core-vulnerability-allows-unauthenticated-attacks

Views: 0

Tags: CVE, VULNERABILITY, EXFILTRATION, EXPLOIT