Apache HugeGraph-Server Improper Access Control Vulnerability
What is the Vulnerability? | CVE-2024-27348 is a remote code execution (RCE) vulnerability affecting Apache HugeGraph-Server. HugeGraph is a graph database built on the Apache TinkerPop3 framework and the Gremlin query language, and it was the first graph database project under the Apache umbrella. This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands, which could result in unauthorized access, data manipulation, and potentially complete system compromise. Attacks related to this vulnerability appear to have intensified this week, with FortiGuard sensors blocking attack attempts on over 2000 devices. Proof-of-concept (PoC) exploit code for CVE-2024-27348 is publicly available, and CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on Sept. 18, 2024. |
What is the recommended Mitigation? | CVE-2024-27348 has been patched with the release of version 1.3.0. For more details: https://www.openwall.com/lists/oss-security/2024/04/22/3 |
What FortiGuard Coverage is available? |
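The two defender-side checks a practitioner would want from the table above, as an added example that is not FortiGuard's or the Apache HugeGraph project's own code: a version check that flags any HugeGraph-Server release older than the fixed version 1.3.0 named in the mitigation row, and a detection pass over access-log lines that counts requests to the Gremlin endpoint from clients that presented no authenticated user, since the advisory attributes the attacks to unauthenticated callers. The endpoint path `/gremlin`, the combined-log-style line format and the sample log lines are assumptions constructed for the example, not values taken from the page.

```python
"""Triage helpers for CVE-2024-27348 (Apache HugeGraph-Server).

Added example; not FortiGuard's or Apache HugeGraph's own code.
Assumptions not stated on the advisory page:
  * fixed release is 1.3.0 (stated); every earlier release is treated as affected
  * the Gremlin REST endpoint is served at "/gremlin" (assumed path)
  * access logs use a combined-log-style format where the third field is the
    authenticated user and "-" means the request carried no authenticated user
"""
import re
from collections import Counter

FIXED_VERSION = (1, 3, 0)      # patched release named in the advisory
GREMLIN_PATH = "/gremlin"      # assumed endpoint path, not from the page

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

def parse_version(ver: str) -> tuple:
    """Turn '1.2.0' or 'v1.3.0-SNAPSHOT' into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(ver.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {ver!r}")
    return tuple(int(x) for x in m.groups())

def is_affected(ver: str) -> bool:
    """True when the reported HugeGraph-Server version predates the 1.3.0 fix."""
    return parse_version(ver) < FIXED_VERSION

# Constructed combined-log-style line:
#   <client_ip> - <auth_user|-> [<timestamp>] "<METHOD> <path> <proto>" <status> <bytes>
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

def unauthenticated_gremlin_requests(lines) -> dict:
    """Return {client_ip: count} for requests that hit the Gremlin endpoint
    without an authenticated user. Lines that do not parse are skipped."""
    hits = Counter()
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]      # drop any query string
        if path == GREMLIN_PATH and m["user"] == "-":
            hits[m["ip"]] += 1
    return dict(hits)

# Constructed sample log (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Sep/2024:10:00:01 +0000] "POST /gremlin HTTP/1.1" 200 512',
    '203.0.113.5 - - [20/Sep/2024:10:00:02 +0000] "POST /gremlin?x=1 HTTP/1.1" 200 498',
    '198.51.100.7 - admin [20/Sep/2024:10:00:03 +0000] "POST /gremlin HTTP/1.1" 200 301',
    '192.0.2.9 - - [20/Sep/2024:10:00:04 +0000] "GET /versions HTTP/1.1" 200 77',
    "malformed line that the parser must skip",
]

if __name__ == "__main__":
    for v in ("1.2.0", "1.3.0", "v1.0.0-SNAPSHOT"):
        print(f"{v:>16}: {'affected' if is_affected(v) else 'fixed'}")
    print("unauthenticated /gremlin requests:", unauthenticated_gremlin_requests(SAMPLE_LOG))
```

Run against a real access log, feed the file's lines to `unauthenticated_gremlin_requests` and adjust `_LOG_RE` to the server's actual log format; the per-client counts are a starting point for correlating with the FortiGuard sensor activity the advisory describes, and any server whose reported version fails `is_affected` should be upgraded to 1.3.0.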
Additional Resources
NVD - CVE-2024-27348 (nist.gov)
CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin - Apache Mail Archives
HugeGraph (apache.org)
oss-security - CVE-2024-27348 (openwall.com)