
WARNING: IMPROPER AUTHENTICATION VULNERABILITY IN FORTRA TRIPWIRE ENTERPRISE 9.1 APIS, PATCH IMMEDIATELY!

Reference: Advisory #2024-81
Version: 1.0
Affected software: Fortra Tripwire Enterprise 9.1 APIs
Type: Authentication bypass vulnerability
CVE/CVSS: CVE-2024-4332: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

https://www.fortra.com/security/advisory/fi-2024-006

Risks

Tripwire is a security solution that provides file integrity monitoring, vulnerability management, and configuration assessment capabilities. Its primary objective is to detect and alert on unauthorized changes made to files, directories, and system configurations.

CVE-2024-4332 is an authentication bypass vulnerability identified in the REST and SOAP API components of Tripwire Enterprise 9.1.0. The vulnerability affects these components when Tripwire Enterprise is configured to use LDAP/Active Directory SAML authentication and the optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled.

CVE-2024-4332 has been assigned a CVSSv3.1 score of 9.8, indicating a severe impact on Confidentiality, Integrity, and Availability.

Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.

Description

An authentication bypass vulnerability (CVE-2024-4332) has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled.

This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.

Upgrade to Tripwire Enterprise 9.1.1 to remediate this vulnerability.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.