Pietro Melillo : 29 June 2024 19:42
Recently, a Proof of Concept (POC) for a vulnerability identified as CVE-2024-34102, which affects the Magento and Adobe Commerce e-commerce platforms, has been found online. This vulnerability, detected by security experts from Assetnote, represents a significant threat as it allows for unauthenticated XML entity injection attacks.
CVE-2024-34102 is an XML entity injection vulnerability that can be exploited before the authentication phase, which makes it particularly dangerous. E-commerce platforms like Magento and Adobe Commerce are widely used for managing online stores, and a flaw of this type could expose large amounts of sensitive data and compromise the security of the affected servers.
The attack exploits the ability of an XML parsing system to process external entities, allowing an attacker to induce the server to read local files or make requests to other network resources. In this specific case, the POC attempts to read files from target servers that are vulnerable to CVE-2024-34102. This type of attack can lead to the exposure of sensitive data, including configuration files, access keys, and other critical information that could further compromise the system’s security.
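The defensive counterpart of the mechanism described above is to make sure untrusted XML never reaches a parser with external entity processing enabled. The following Python is an added example, not code from the article, from Assetnote, or from Magento/Adobe Commerce (which are PHP applications); it assumes a service that accepts XML from unauthenticated clients and uses the standard-library expat parser to reject any DOCTYPE or entity declaration before the document is handed to the real parser. The sample payloads and the file path inside them are constructed placeholders.

```python
# Added example (not from the article, Assetnote or Adobe): a defensive
# pre-parser that rejects any DTD or entity declaration in XML received from
# an unauthenticated client before the document reaches the real parser.
# The payloads below are constructed; the file path is a placeholder.
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class UnsafeXMLError(ValueError):
    """Raised when untrusted XML carries a DOCTYPE or entity declaration."""


def _reject_dtd(data: bytes) -> None:
    """Stream the document through expat and abort on the first DTD construct.

    Letting expat see the raw bytes means its own encoding detection (BOMs,
    UTF-16, declared encodings) applies, so a byte-level regex such as
    searching for b"<!DOCTYPE" cannot be sidestepped by re-encoding.
    """
    parser = expat.ParserCreate()
    # Never process parameter entities, so no external DTD is ever fetched.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(
            f"DOCTYPE for <{name}> rejected (systemId={sysid!r}, publicId={pubid!r})"
        )

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        kind = "external" if (sysid or pubid) else "internal"
        raise UnsafeXMLError(f"{kind} entity declaration {name!r} rejected")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(data, True)  # exceptions raised in handlers propagate here


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse client-supplied XML, refusing anything that declares entities."""
    _reject_dtd(data)
    return ET.fromstring(data)


def is_safe(data: bytes) -> bool:
    """True if the document parses without any DTD; False on rejection or malformed input."""
    try:
        parse_untrusted(data)
        return True
    except (UnsafeXMLError, ET.ParseError, expat.ExpatError):
        return False


# Constructed inputs: a benign document and one declaring an external entity.
BENIGN = b"<order><id>42</id></order>"
EXTERNAL_ENTITY = (
    b'<!DOCTYPE order [<!ENTITY f SYSTEM "file:///placeholder/secret.txt">]>'
    b"<order><id>&f;</id></order>"
)


if __name__ == "__main__":
    print(parse_untrusted(BENIGN).find("id").text)
    # The same payload re-encoded as UTF-16 is still caught, because expat
    # decodes it before the DOCTYPE handler fires.
    for payload in (EXTERNAL_ENTITY, EXTERNAL_ENTITY.decode().encode("utf-16")):
        try:
            parse_untrusted(payload)
        except UnsafeXMLError as exc:
            print("blocked:", exc)
```

Rejecting every DOCTYPE is deliberately stricter than merely disabling entity resolution: an unauthenticated API has no legitimate reason to send a DTD, and the rejection event itself is a useful detection signal to log and alert on.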
The impact of this vulnerability is considerable. An attacker who successfully exploits this flaw could:
To mitigate the risk associated with this vulnerability, it is essential to adopt the following measures:
The discovery of the POC for the CVE-2024-34102 vulnerability once again highlights the importance of security in e-commerce platforms. System administrators must be proactive in applying security patches and correctly configuring their environments to prevent such attacks. Collaboration with security experts and continuous training of personnel responsible for system management can significantly contribute to reducing the risks associated with these threats.
In conclusion, while technologies continue to evolve, security vulnerabilities remain a constant challenge. The IT community must remain vigilant and responsive to protect digital resources and maintain user trust.