CarderPlanet
International corporations may lose control of their data.
The Oligo Security research group discovered a set of critical vulnerabilities in TorchServe, an open source tool for serving AI models that runs on tens of thousands of servers on the Internet, including servers of large organizations. The vulnerabilities are collectively called ShellTorch.
Backed by Meta and Amazon, TorchServe is a popular tool for deploying and scaling PyTorch models in production. Its users include AI researchers as well as large companies such as Amazon, OpenAI, Tesla, Azure, Google and Intel.
ShellTorch vulnerabilities allow unauthorized access to servers and remote code execution on vulnerable systems. The issues affect TorchServe versions 0.3.0 through 0.8.1.
- The first vulnerability is a misconfiguration of the management API: by default the web panel binds to the IP address 0.0.0.0 rather than to localhost, so it is reachable by external requests. Because the API requires no authentication, anyone who can reach it can make the server download malicious models from an external address.
- The second issue, tracked as CVE-2023-43654 (CVSS 9.8), is a Server-Side Request Forgery (SSRF) flaw that, when exploited as part of a vulnerability chain, can lead to remote code execution (RCE).
- The third vulnerability, tracked as CVE-2022-1471 (CVSS 9.8), is a Java deserialization issue: unsafe deserialization in the SnakeYAML library can likewise lead to remote code execution.
Oligo analysts found tens of thousands of IP addresses exposed to ShellTorch attacks, some of them belonging to large international organizations.
To fix the vulnerabilities, users are advised to upgrade to TorchServe 0.8.2, released on August 28, 2023. In addition, the management console must be configured correctly: set the management address to http://127.0.0.1:8081 in the config.properties file so that TorchServe binds to localhost rather than to every IP address configured on the server. Also make sure the server fetches models only from trusted domains by updating allowed_urls in config.properties accordingly.
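As an added example (not code from the article or from the TorchServe project), a small Python check that parses a config.properties file and flags the two settings the article names: a management address that is not bound to loopback, and an allowed_urls pattern that still admits model downloads from any host. The key name management_address, the fallback defaults, the full-regex-match semantics and both sample files are assumptions.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample: the default-style configuration the article describes as weak
WEAK_CONFIG = r"""
management_address=http://0.0.0.0:8081
allowed_urls=file://.*|http(s)?://.*
"""

# Constructed sample: the hardened configuration the article recommends
HARDENED_CONFIG = r"""
management_address=http://127.0.0.1:8081
allowed_urls=https://models\.example\.com/.*
"""

def parse_properties(text):
    """Parse key=value lines of a .properties file; comments and blanks are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def is_loopback(url):
    """True if the URL's host is localhost or a loopback IP such as 127.0.0.1 or ::1."""
    host = urlsplit(url).hostname or ""
    try:
        return host == "localhost" or ip_address(host).is_loopback
    except ValueError:
        return False

def audit(text):
    """Return findings for the two hardening points; an empty list means both are in place."""
    props = parse_properties(text)
    findings = []
    # Fallback values are TorchServe's documented defaults as I understand them (assumption).
    mgmt = props.get("management_address", "http://0.0.0.0:8081")
    if not is_loopback(mgmt):
        findings.append(f"management_address={mgmt}: management API reachable from other hosts")
    allowed = props.get("allowed_urls", r"file://.*|http(s)?://.*")
    # Probe with a constructed URL on an untrusted host; full regex match is assumed to mirror TorchServe.
    if re.fullmatch(allowed, "http://untrusted.invalid/model.mar"):
        findings.append(f"allowed_urls={allowed}: accepts model downloads from any host")
    return findings
```

Run audit() over the real config.properties on each host; a non-empty list means the mitigation in the paragraph above has not been applied.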