CarderPlanet
If you don't update, data theft is inevitable.
Researchers at the information security company Cyfirma have disclosed a dangerous remote code execution (RCE) vulnerability in Apache NiFi, exploitation of which can lead to unauthorized access and data theft.
Apache NiFi is an open source data integration and automation tool used for data processing and distribution. Cyfirma identified approximately 2,700 instances of Apache NiFi available online and owned by organizations in various sectors, including finance, government, healthcare, telecommunications, and others.
The vulnerability, CVE-2023-34468 (CVSS 8.8), was fixed in June 2023. An authenticated attacker can exploit it by configuring a database connection URL that uses the H2 driver, which allows arbitrary code execution.
The problem arises because some NiFi services support custom database access via JDBC, and the connection URL property accepts any string.
These mechanisms let an attacker craft connection strings for H2, an embedded Java database commonly used with Apache NiFi, to execute code remotely on vulnerable NiFi instances and gain unauthorized access to systems and data.
JDBC (Java Database Connectivity) is a standard API for Java that allows Java applications to interact with databases by executing SQL queries. H2 is a lightweight and fast Java database that can run in either embedded mode or server mode. The relationship between JDBC and H2 is implemented through the JDBC driver provided by H2, which allows developers to send SQL queries to the H2 database and process the results using the JDBC API.
Cyfirma noted that the vulnerability provides an attacker with the ability to gain unauthorized access to systems, extract confidential data, and remotely execute malicious code.
The bug affects NiFi versions 0.0.2 through 1.21.0 and was fixed in NiFi 1.22.0, which disables H2 JDBC URLs in the default configuration. An exploit for the vulnerability has reportedly been published online, but no malicious exploitation has been observed so far. However, on darknet forums attackers are already actively discussing or attempting to exploit CVE-2023-34468. Note that the attack complexity for this flaw is low.
Nevertheless, given the severity and impact of the bug, and the fact that vulnerabilities in similar products are known to be exploited, it is recommended to upgrade your NiFi instances and stay alert for exploitation attempts.
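As an added example (not code from the article, Cyfirma or the NiFi project), the following Python script does the two checks an operator would want after reading the above: it tells you whether a reported NiFi version falls in the affected 0.0.2 to 1.21.0 range, and it walks a NiFi flow definition looking for database connection pool services whose connection URL or driver class points at H2. The flow layout assumed here (nested `processGroups`, each with `controllerServices` whose `properties` map holds `Database Connection URL` and `Database Driver Class Name`) follows the flow.json export format as I recall it; treat the key names as an assumption and adjust them to your own export. The sample flow embedded in the script is constructed for the demonstration, not taken from a real instance.

```python
"""Audit a NiFi flow definition for H2 JDBC URLs (CVE-2023-34468 exposure).

Added example, not NiFi project code. Property names and the flow.json
nesting below are assumptions about the export format; adjust as needed.
"""
import json
import re
from typing import Iterator, List, Optional, Tuple

# H2's driver only accepts URLs beginning with "jdbc:h2:" (mem:, file:, tcp://,
# ssl:// follow that prefix). The audit matches case-insensitively and tolerates
# surrounding whitespace on purpose: over-reporting beats missing a variant.
H2_URL_RE = re.compile(r"^\s*jdbc\s*:\s*h2\s*:", re.IGNORECASE)
H2_DRIVER_CLASS = "org.h2.driver"  # org.h2.Driver, compared lower-cased
# H2 executes the SQL given in a ";INIT=..." URL parameter when a connection is
# opened, so an H2 URL carrying INIT= is the variant to treat as most suspicious.
INIT_PARAM_RE = re.compile(r";\s*INIT\s*=", re.IGNORECASE)

URL_PROP = "Database Connection URL"        # assumed DBCPConnectionPool property name
DRIVER_PROP = "Database Driver Class Name"  # assumed DBCPConnectionPool property name


def is_h2_jdbc_url(url: Optional[str]) -> bool:
    """True if the JDBC URL would be handled by the H2 driver."""
    return bool(url) and H2_URL_RE.match(url) is not None


def classify_service(props: dict) -> Optional[str]:
    """Return None for a clean service, otherwise a short finding label."""
    url = props.get(URL_PROP) or ""
    driver = (props.get(DRIVER_PROP) or "").strip().lower()
    if is_h2_jdbc_url(url):
        return "h2-url-with-init" if INIT_PARAM_RE.search(url) else "h2-url"
    if driver == H2_DRIVER_CLASS:
        return "h2-driver-class"
    return None


def iter_controller_services(group: dict) -> Iterator[Tuple[str, dict]]:
    """Yield (group name, service) for this process group and all nested groups."""
    for svc in group.get("controllerServices", []):
        yield group.get("name", "?"), svc
    for child in group.get("processGroups", []):
        yield from iter_controller_services(child)


def audit_flow(flow: dict) -> List[dict]:
    """Collect every controller service whose URL or driver class points at H2."""
    findings = []
    root = flow.get("rootGroup", flow)
    for group_name, svc in iter_controller_services(root):
        props = svc.get("properties", {})
        label = classify_service(props)
        if label:
            findings.append({"group": group_name, "service": svc.get("name"),
                             "finding": label, "url": props.get(URL_PROP)})
    return findings


def is_affected_version(version: str) -> bool:
    """True for the 0.0.2 .. 1.21.0 range named in the advisory; 1.22.0+ is fixed."""
    nums = []
    for part in version.split(".")[:3]:
        m = re.match(r"\d+", part)
        nums.append(int(m.group()) if m else 0)
    while len(nums) < 3:
        nums.append(0)
    return (0, 0, 2) <= tuple(nums) <= (1, 21, 0)


# Constructed sample flow shaped like a flow.json export (not from a real instance).
SAMPLE_FLOW = {
    "rootGroup": {
        "name": "root",
        "controllerServices": [
            {"name": "postgres-pool", "type": "org.apache.nifi.dbcp.DBCPConnectionPool",
             "properties": {URL_PROP: "jdbc:postgresql://db.internal:5432/app",
                            DRIVER_PROP: "org.postgresql.Driver"}},
            {"name": "scratch-h2", "type": "org.apache.nifi.dbcp.DBCPConnectionPool",
             "properties": {URL_PROP: "jdbc:h2:mem:scratch;DB_CLOSE_DELAY=-1",
                            DRIVER_PROP: "org.h2.Driver"}},
        ],
        "processGroups": [
            {"name": "ingest",
             "controllerServices": [
                 {"name": "odd-pool", "type": "org.apache.nifi.dbcp.DBCPConnectionPool",
                  "properties": {URL_PROP: " JDBC:H2:file:/tmp/x;INIT=CREATE TABLE t(id INT)",
                                 DRIVER_PROP: "org.h2.Driver"}},
             ]},
        ],
    }
}

if __name__ == "__main__":
    for finding in audit_flow(SAMPLE_FLOW):
        print(json.dumps(finding))
    print("1.21.0 affected:", is_affected_version("1.21.0"))
    print("1.22.0 affected:", is_affected_version("1.22.0"))
```

Run it against a decompressed `flow.json.gz` by loading the file with `json.load` and passing the result to `audit_flow`. Any finding means the instance is relying on exactly the capability 1.22.0 disables by default, so it should be upgraded and the offending service reviewed; an `h2-url-with-init` finding deserves immediate attention because the `INIT=` SQL runs as soon as NiFi opens the connection.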