CVE-2024-28872

The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected. This issue affects Stork versions 0.15.0 through 1.15.0.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://kb.isc.org/docs/cve-2024-28872	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:isc:stork:*:*:*:*:*:*:*:*

History

12 Jul 2024, 18:48

Type	Values Removed	Values Added
CPE		cpe:2.3:a:isc:stork::::::::
References	~~() https://kb.isc.org/docs/cve-2024-28872 -~~	() https://kb.isc.org/docs/cve-2024-28872 - Vendor Advisory
CWE		CWE-295
CVSS	v2 : ~~unknown~~ v3 : ~~8.9~~	v2 : unknown v3 : 8.1
First Time		Isc stork Isc
Summary		(es) El código de validación del certificado TLS es defectuoso. Un atacante puede obtener un certificado TLS del servidor Stork y usarlo para conectarse al agente Stork. Una vez que se establece esta conexión con el certificado válido, el atacante puede enviar comandos maliciosos a un servicio monitoreado (Kea o BIND 9), lo que posiblemente resulte en la pérdida de datos confidenciales y/o la denegación del servicio. Cabe señalar que esta vulnerabilidad no está relacionada directamente con BIND 9 o Kea, y solo los clientes que utilizan la herramienta de administración Stork se ven potencialmente afectados. Este problema afecta a las versiones de Stork 0.15.0 a 1.15.0.

11 Jul 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-11 15:15

Updated : 2024-07-12 18:48

NVD link : CVE-2024-28872

Mitre link : CVE-2024-28872

CVE.ORG link : CVE-2024-28872

JSON object : View

Products Affected

isc

stork

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2024-28872", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "security-officer@isc.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.2}]}, "published": "2024-07-11T15:15:11.377", "references": [{"url": "https://kb.isc.org/docs/cve-2024-28872", "tags": ["Vendor Advisory"], "source": "security-officer@isc.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected.\nThis issue affects Stork versions 0.15.0 through 1.15.0."}, {"lang": "es", "value": "El c\u00f3digo de validaci\u00f3n del certificado TLS es defectuoso. Un atacante puede obtener un certificado TLS del servidor Stork y usarlo para conectarse al agente Stork. Una vez que se establece esta conexi\u00f3n con el certificado v\u00e1lido, el atacante puede enviar comandos maliciosos a un servicio monitoreado (Kea o BIND 9), lo que posiblemente resulte en la p\u00e9rdida de datos confidenciales y/o la denegaci\u00f3n del servicio. Cabe se\u00f1alar que esta vulnerabilidad no est\u00e1 relacionada directamente con BIND 9 o Kea, y solo los clientes que utilizan la herramienta de administraci\u00f3n Stork se ven potencialmente afectados. Este problema afecta a las versiones de Stork 0.15.0 a 1.15.0."}], "lastModified": "2024-07-12T18:48:45.307", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:isc:stork:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "472AF937-5947-46B8-984E-CDD84953C830", "versionEndExcluding": "1.15.1", "versionStartIncluding": "0.15.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-officer@isc.org"}