A high-severity remote code execution (RCE) vulnerability in Apache NiFi, for which an exploitation tool already exists, can result in unauthorized access and data breaches, cybersecurity firm Cyfirma warns.
An open-source data integration and automation tool, Apache NiFi is used for the processing and distribution of data.
Tracked as CVE-2023-34468 (CVSS score of 8.8) and addressed in June 2023, the issue could be exploited by authenticated users to “configure a database URL with the H2 driver that permits customized code execution”.
The issue exists because certain NiFi services support configurable access to databases using JDBC, and because any string can be supplied when setting properties such as the connection URL.
This essentially allows an attacker to craft connection strings for H2 – an embedded Java-based database sometimes used in Apache NiFi – to execute code remotely on vulnerable NiFi instances and gain unauthorized access to systems and data.
“The impact of this vulnerability is extreme, because it grants attackers the ability to gain unauthorized access to systems, exfiltrate sensitive data, and execute malicious code remotely,” Cyfirma notes in an analysis of the bug and its exploitation.
The bug impacts NiFi versions 0.0.2 through 1.21.0 and was addressed with the release of NiFi version 1.22.0, which “disables H2 JDBC URLs within the default configuration”.
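The two checks a defender can derive from the details above are whether an instance falls in the affected version range and whether any configured connection URL uses the H2 driver. The following Python sketch is an added example, not code from Apache NiFi or Cyfirma; the JSON layout, service names and property name in the sample are assumptions constructed for illustration, and a match is a prompt for review rather than proof of compromise.

```python
import json
import re

# Affected range as stated in the article: 0.0.2 through 1.21.0 (fixed in 1.22.0).
FIRST_AFFECTED = (0, 0, 2)
LAST_AFFECTED = (1, 21, 0)
# Matched case-insensitively and with leading whitespace tolerated, to be conservative.
H2_URL = re.compile(r"^\s*jdbc:h2:", re.IGNORECASE)


def parse_version(text):
    """Turn '1.21.0' into a comparable tuple (1, 21, 0)."""
    nums = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not nums:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(n) for n in nums.groups())


def is_affected(version):
    """True when the version lies inside the affected range given in the article."""
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED


def find_h2_urls(node, path="$"):
    """Recursively yield (path, value) for every string that is an H2 JDBC URL."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_h2_urls(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_h2_urls(value, f"{path}[{index}]")
    elif isinstance(node, str) and H2_URL.match(node):
        yield path, node


# Constructed sample: the layout and property names are assumptions for illustration.
SAMPLE_FLOW = json.loads("""
{"controllerServices": [
  {"name": "warehouse-pool",
   "properties": {"Database Connection URL": "jdbc:postgresql://db.internal.example/warehouse"}},
  {"name": "scratch-pool",
   "properties": {"Database Connection URL": "jdbc:h2:mem:scratch"}}
]}
""")

if __name__ == "__main__":
    print("NiFi 1.21.0 affected:", is_affected("1.21.0"))
    for where, url in find_h2_urls(SAMPLE_FLOW):
        print("review:", where, "->", url)
```

Because the walker inspects every string value instead of one named property, it still reports an H2 URL when the property holding it has a different name from the one in the sample.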
As of August 30, a public exploit exists for this vulnerability, but no malicious exploitation of the flaw has been observed so far, Cyfirma notes.
Nonetheless, considering the severity and impact of the bug, and the fact that vulnerabilities in similar software products are known to have been exploited in malicious attacks, organizations are advised to update their NiFi instances and remain vigilant for potential exploitation attempts.
“It is important to acknowledge that threat actors could attempt to exploit CVE-2023-34468 in Apache NiFi. This could lead to unauthorized access, data breaches, or network compromise. Organizations should take this threat seriously and apply patches or updates to secure their systems,” Cyfirma notes.
In fact, Cyfirma notes that it has observed cyber actors “actively discussing or exploiting CVE-2023-34468” on the dark web and that the attack complexity level for this bug is low.
The cybersecurity firm has identified roughly 2,700 Apache NiFi instances exposed to the internet, belonging to organizations in various sectors, including finance, government, healthcare, telecommunications, and others.