www.belgium.be Logo of the federal government

WARNING: CRITICAL SQL INJECTION VULNERABILITY PATCHED IN FORTRA FILECATALYST

Referentie: 
Advisory #2024-98
Versie: 
1.0
Geïmpacteerde software: 
Fortra FileCatalyst
Type: 
SQL Injection Vulnerability
CVE/CVSS: 

CVE-2024-5276: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Bronnen

https://www.fortra.com/security/advisory/fi-2024-008

Risico’s

This SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to alter application data. Potential consequences include the creation of administrative users and the deletion or modification of data within the application database. However, data exfiltration via SQL injection is not feasible with this vulnerability.
 
CVE-2024-5276 is rated as CRITICAL with HIGH impact on the CIA triad.
 
A Proof of Concept (POC) exploiting this vulnerability is available online. Urgent patching is advised!

Beschrijving

A SQL injection vulnerability exists, whereby an attacker can utilize a script to implement the injection and execute an undesired SQL command, including table deletion or creating an admin-level user. An admin-level user has privileges that may affect other FileCatalyst components within your deployment.  
 
Exploiting this vulnerability without authentication requires a Workflow system with anonymous access enabled; otherwise, an authenticated user is necessary. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.

Aanbevolen acties

Patch
 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
 
Monitor/Detect
 
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

 

Referenties

https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-f...?