WARNING: IMPROPER AUTHENTICATION VULNERABILITY IN FORTRA TRIPWIRE ENTERPRISE 9.1 APIS, PATCH IMMEDIATELY!
CVE-2024-4332: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
https://www.fortra.com/security/advisory/fi-2024-006
Risks
Tripwire is a security solution that provides file integrity monitoring, vulnerability management, and configuration assessment capabilities. Its primary objective is to detect and alert on unauthorized changes made to files, directories, and system configurations.
CVE-2024-4332 is an authentication bypass vulnerability identified in the REST and SOAP API components of Tripwire Enterprise 9.1.0. It affects Tripwire Enterprise deployments that are configured to use LDAP/Active Directory SAML authentication and that have the optional "Auto-synchronize LDAP Users, Roles, and Groups" feature enabled.
CVE-2024-4332 has been assigned a CVSSv3.1 score of 9.8, indicating a severe impact on Confidentiality, Integrity, and Availability.
Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.
Description
An authentication bypass vulnerability (CVE-2024-4332) has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled.
This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.
Upgrade to Tripwire Enterprise 9.1.1 to remediate this vulnerability.
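The two preconditions named above (the affected release and the LDAP/AD SAML plus auto-synchronize configuration) can be turned into an inventory triage check. The following is an added example, not code from the CCB or Fortra; the inventory, the host names and the `auth_mode` / `ldap_auto_sync` field values are constructed assumptions, not Tripwire's own configuration keys.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Versions taken from the advisory: 9.1.0 is the affected release, 9.1.1 the fix.
AFFECTED_VERSION = (9, 1, 0)
FIXED_VERSION = (9, 1, 1)


def parse_version(text: str) -> Tuple[int, ...]:
    """'9.1.0' -> (9, 1, 0). Tuples compare numerically; plain strings do not
    ('9.10.0' sorts before '9.1.1' as text but is the newer release)."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


@dataclass
class TeInstance:
    host: str
    version: str
    auth_mode: str        # assumed values: "ldap_saml" or "local"
    ldap_auto_sync: bool  # "Auto-synchronize LDAP Users, Roles, and Groups"


def classify(inst: TeInstance) -> str:
    """Map one instance to a triage state using the advisory's conditions."""
    v = parse_version(inst.version)
    if v >= FIXED_VERSION:
        return "patched"
    if v == AFFECTED_VERSION:
        if inst.auth_mode == "ldap_saml" and inst.ldap_auto_sync:
            return "vulnerable"  # both preconditions hold: patch first
        return "upgrade"         # affected release, preconditions not met
    return "review"              # release not named by the advisory


def triage(inventory: List[TeInstance]) -> Dict[str, List[str]]:
    """Group hosts by state so the vulnerable ones can be patched first."""
    result: Dict[str, List[str]] = {}
    for inst in inventory:
        result.setdefault(classify(inst), []).append(inst.host)
    return result


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    TeInstance("te-prod-01", "9.1.0", "ldap_saml", True),
    TeInstance("te-prod-02", "9.1.0", "ldap_saml", False),
    TeInstance("te-lab-01", "9.1.0", "local", False),
    TeInstance("te-dev-01", "9.1.1", "ldap_saml", True),
    TeInstance("te-old-01", "9.0.2", "ldap_saml", True),
]
```

Calling `triage(SAMPLE_INVENTORY)` returns the hosts grouped by state; releases the advisory does not mention land in "review" rather than being assumed safe.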
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a historic compromise.