Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2024-9050

Disclosure Date: October 22, 2024 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the leftupdownkey. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system’s network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

OS

Unknown

Vulnerable Versions

Red Hat Enterprise Linux 7.7 Advanced Update Support not down converted

Red Hat Enterprise Linux 7 Extended Lifecycle Support not down converted

Red Hat Enterprise Linux 8 not down converted

Red Hat Enterprise Linux 8.2 Advanced Update Support not down converted

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support not down converted

Red Hat Enterprise Linux 8.4 Telecommunications Update Service not down converted

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions not down converted

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support not down converted

Red Hat Enterprise Linux 8.6 Telecommunications Update Service not down converted

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions not down converted

Red Hat Enterprise Linux 8.8 Extended Update Support not down converted

Red Hat Enterprise Linux 9 not down converted

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions not down converted

Red Hat Enterprise Linux 9.2 Extended Update Support not down converted

Red Hat Enterprise Linux 9.4 Extended Update Support not down converted

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

Red Hat

Products

Weaknesses

CWE-94

References

Canonical

CVE-2024-9050 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9050)

Miscellaneous

https://access.redhat.com/security/cve/CVE-2024-9050

https://bugzilla.redhat.com/show_bug.cgi?id=2313828

https://access.redhat.com/errata/RHSA-2024:8312

https://access.redhat.com/errata/RHSA-2024:8338

https://access.redhat.com/errata/RHSA-2024:8352

https://access.redhat.com/errata/RHSA-2024:8353

https://access.redhat.com/errata/RHSA-2024:8354

https://access.redhat.com/errata/RHSA-2024:8355

https://access.redhat.com/errata/RHSA-2024:8356

https://access.redhat.com/errata/RHSA-2024:8357

https://access.redhat.com/errata/RHSA-2024:8358

https://access.redhat.com/errata/RHSA-2024:9555

https://access.redhat.com/errata/RHSA-2024:9556

https://www.openwall.com/lists/oss-security/2024/10/25/1

Rapid7

Technical Analysis