CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine. The National Institute of Standards and Technology (NIST) has not yet evaluated this vulnerability’s CVSS score but HashiCorp assigned it a base score of 7.5 (high).
An outside security researcher, Jörn Heissler, discovered an issue with the valid_principals field in Vault’s SSH secrets engine. This field did not require the valid_principals list to contain a value by default. By allowing this field to receive an empty string as valid, a malicious authorized user can request an SSH certificate that allows the attacker to authenticate as any user on the host.
A successful attack could allow a bad actor unrestricted SSH access to systems, potentially leading to data breaches, service disruptions, and unauthorized control over critical infrastructure.
This vulnerability affects Vault Community Edition versions 1.7.7-1.17.5 and Vault Enterprise versions 1.7.7-1.17.5, as well as 1.16.9 and 1.15.14
HashiCorp has released patches for CVE-2024-7594; organizations can deploy Vault Community Edition 1.17.6 or Vault Enterprise 1.17.6, 1.16.10, and 1.15.15 to remediate this issue.
If it isn’t possible to patch vulnerable instances, organizations can mitigate this vulnerability by setting the SSH secrets engine valid_principals field to a non-empty value.
As of October 1st, 2024, there have been no reports of active exploitation of this vulnerability.
CyCognito is investigating methods to deploy to actively detect this vulnerability. Meanwhile, users can check their assets may be vulnerable using provided filters in the CyCognito platform. All customers have access to an in-platform emerging security issue announcement as of October 1st, 2024.
Figure 1: The alert sent by CyCognito for CVE-2024-7594
CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. Want to see how it works? Check out our website and explore our platform with a self-guided, interactive dashboard product tour. To learn how CyCognito can help you understand your external attack surface and exposed risks, please visit our Contact Us page to schedule a demo.
Emma Zaballos is an avid threat researcher who is passionate about understanding and combatting cybercrime threats. Emma enjoys monitoring dark web marketplaces, profiling ransomware gangs, and using intelligence for understanding cybercrime.
Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.
Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.
Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.
Discover insights on application security, exposure management and other key topics below.
The definitive guide to attack surface management. Learn everything you need to know to reduce your cyber security risk with attack surface management.
Exposure management is a set of processes which allow organizations to assess the visibility, accessibility, and risk factors of their digital assets.
Vulnerability assessment is the process of identifying, quantifying, and prioritizing vulnerabilities in a system.
Explore CyCognito modules ASM, AST and EI in the resources below.
Scalable, continuous, and comprehensive testing for all external assets, all the time.
CyCognito Automated Security Testing dynamically applies payload-based testing techniques across your entire external attack surface.
CyCognito Exploit Intelligence uses threat intelligence about attackers’ behavior and exploitability for enhanced prioritization.