Threat actors are actively exploiting a critical remote code execution (RCE) vulnerability in Apache HugeGraph-Server [4], identified as CVE-2024-27348 with a CVSS score of 9.8 [7].

Description

This flaw affects versions 1.0.0 to 1.3.0 in Java 8 and Java 11 [3], allowing attackers to execute arbitrary operating system commands by exploiting missing reflection filtering in the SecurityManager [4]. The vulnerability enables attackers to bypass sandbox restrictions and achieve code execution [2] [6] [8], granting them complete control over affected systems.

In-the-wild exploitation attempts targeting the “/gremlin” endpoint with POST requests have been observed, underscoring the importance of promptly applying the latest fixes [6]. The Shadowserver Foundation has reported active exploitation attempts leveraging the flaw and emphasized the urgency for users to apply the latest fixes immediately [7].

A patch for the vulnerability was released in April 2024 [5], with recommendations to enable the Auth system and ‘Whitelist-IP/port’ function for improved security [5]. Upgrading to version 1.3.0 with Java 11 is also recommended to mitigate the flaw and enable the Auth system.

Apache projects have been targeted by nation-state and financially motivated threat actors in recent years [8], with vulnerabilities in Log4j [8], ActiveMQ [7] [8], and RocketMQ also being heavily exploited to infiltrate target environments [8].

Apache HugeGraph is an open-source graph database system used for various applications [5], including network security [5], telecommunications fraud detection [5], and intelligent robots [5]. HugeGraph-Server is the core component responsible for managing graph data efficiently and supporting various backend storage engines [5]. Organizations are advised to update to the latest version of Apache HugeGraph-Server (1.3.0) and implement additional security measures to mitigate the risk of attacks [1].
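The two defensive checks the advisory points at, as an added example that is not part of the advisory or of the Apache HugeGraph project: triage access-log lines for POST requests to the “/gremlin” endpoint (the request pattern reported as being used in the wild) from sources outside an allowlist standing in for the ‘Whitelist-IP/port’ control, and flag deployed HugeGraph-Server versions older than the 1.3.0 release the advisory tells users to upgrade to. The log lines, addresses, timestamps and the allowlist range are constructed for the example; the combined-log layout is an assumption about how the front-end web server logs requests.

```python
"""Added example, not from the advisory or the Apache HugeGraph project.

Triage constructed access-log lines for POST requests to the HugeGraph
"/gremlin" endpoint from sources outside a hypothetical allowlist, and
check whether a deployed HugeGraph-Server version is older than the
fixed release (1.3.0) the advisory recommends upgrading to.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in combined-log layout; addresses and
# timestamps are invented for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Jul/2024:10:01:02 +0000] "POST /gremlin HTTP/1.1" 200 512
10.0.0.5 - - [17/Jul/2024:10:01:05 +0000] "POST /gremlin HTTP/1.1" 200 128
203.0.113.7 - - [17/Jul/2024:10:01:09 +0000] "POST /gremlin HTTP/1.1" 500 77
198.51.100.23 - - [17/Jul/2024:10:02:00 +0000] "GET /graphs HTTP/1.1" 200 301
not a log line at all
198.51.100.23 - - [17/Jul/2024:10:02:30 +0000] "POST /gremlin?lang=gremlin HTTP/1.1" 401 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Hypothetical allowlist standing in for the "Whitelist-IP/port" setting;
# only these sources are expected to reach /gremlin at all.
ALLOWED_SOURCES = [ip_network("10.0.0.0/8")]

FIXED_VERSION = (1, 3, 0)  # release the advisory says to upgrade to


def parse_line(line):
    """Return a dict of fields for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["path"] = fields["target"].split("?", 1)[0]  # drop any query string
    fields["status"] = int(fields["status"])
    return fields


def is_allowed(ip):
    """True when the source address lies inside the allowlist."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_SOURCES)


def suspicious_gremlin_posts(log_text):
    """POST requests to /gremlin from sources outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the triage
        if rec["method"] == "POST" and rec["path"] == "/gremlin" and not is_allowed(rec["ip"]):
            hits.append(rec)
    return hits


def count_by_source(events):
    """Flagged requests per source address, for prioritising follow-up."""
    return Counter(e["ip"] for e in events)


def parse_version(text):
    """Turn '1.2.0' (or '1.2.0-SNAPSHOT') into a comparable tuple of ints."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def needs_upgrade(version_text):
    """True when the server is older than the 1.3.0 release the advisory names."""
    return parse_version(version_text) < FIXED_VERSION


if __name__ == "__main__":
    flagged = suspicious_gremlin_posts(SAMPLE_LOG)
    for ip, n in count_by_source(flagged).most_common():
        print(f"{ip}: {n} POST /gremlin request(s) from outside the allowlist")
    for v in ("1.0.0", "1.2.0", "1.3.0"):
        print(f"HugeGraph-Server {v}: {'upgrade' if needs_upgrade(v) else 'at fixed release'}")
```

The query string is stripped before matching so a request such as `/gremlin?lang=gremlin` is still recognised, responses are kept regardless of status code (a 401 from an enabled Auth system is still a probe worth counting), and malformed lines are skipped rather than terminating the run.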

Conclusion

Organizations must act swiftly to apply the latest fixes and upgrade to version 1.3.0 with Java 11 to protect against active exploitation attempts. Implementing additional security measures [1], such as enabling the Auth system and ‘Whitelist-IP/port’ function [5], is crucial to mitigate the risk of attacks. The exploitation of vulnerabilities in Apache projects highlights the importance of maintaining up-to-date software and implementing robust security measures to safeguard against cyber threats.

References

[1] https://www.krofeksecurity.com/critical-apache-hugegraph-vulnerability-under-attack-patch-asap/
[2] https://vulners.com/thn/THN:BC6D4DA98D1C550090BBEFE7A20ED529
[3] https://bragg.substack.com/p/daily-drop-819-fbi-phone-exploits
[4] https://cybersecuritynews.com/apache-hugegraph-server-rce-vulnerability/
[5] https://www.techradar.com/pro/security/apache-hugegraph-users-told-to-patch-immediately-to-stay-safe-from-this-dangerous-bug
[6] https://cyber.vumetric.com/security-news/2024/07/17/critical-apache-hugegraph-vulnerability-under-attack-patch-asap/
[7] https://vulert.com/blog/apache-hugegraph-vulnerability/
[8] https://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html