Ethical Hacking News
A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widely used open-source vulnerability scanner. The flaw, tracked as CVE-2024-43405, carries a CVSS score of 7.4 and affects Nuclei versions from 3.0.0 up to, but not including, 3.3.2. If successfully exploited, it allows an attacker to bypass the template signature check and, through a template that uses Nuclei's code protocol, execute commands on the host that runs the scanner.
The vulnerability was discovered by cloud security firm Wiz. It sits in the template signature verification process: the signature line is located with a regular expression, while the template body is read by a YAML parser, and the two disagree about where a line ends. That parsing inconsistency lets an attacker inject content that the verifier never hashes but the YAML parser still consumes. ProjectDiscovery fixed the issue in version 3.3.2; the current release, 3.3.7, includes that fix, so organizations on 3.3.2 or later are not affected, while anyone still running 3.0.0 through 3.3.1 should update. The finding has significant implications for organizations that rely on Nuclei, and on community-contributed templates, to identify and mitigate security threats.
The Nuclei vulnerability is rooted in the template signature verification process, which is used to ensure the integrity of the templates made available in the official templates repository; the same check is what permits a template that uses the code protocol to run commands at all. According to Wiz researcher Guy Goldenberg, "the verification logic validates only the first # digest: line." This means that malicious content injected into a template after that line can bypass the signature verification process, be consumed by the YAML parser, and then be executed by Nuclei.
The problem arises from using a regular expression (regex) to locate and strip the signature line while a separate YAML parser reads the template body, and the two disagree about what a line is. Go's regex engine treats only "\n" as a line terminator, so a carriage return ("\r") is just another character that "." will match; the YAML parser, by contrast, treats "\r" as a line break. These parsing inconsistencies can be chained to create a Nuclei template that uses "\r" to include a second "# digest:" line: the regex sees a single comment line and discards it from the material it verifies, while the YAML interpreter sees the text after the "\r" as a new line of template content and parses and executes it.
Furthermore, the verification process includes a step that excludes the signature line from the template content before hashing, but it reads the signature only from the first "# digest:" line, so any later line that matches the digest pattern is stripped from the hashed content without ever being verified, yet remains executable once the YAML parser has split it at the "\r". This is the attack vector: an attacker who can get a crafted template onto a victim's scanner, for instance as a custom or third-party template rather than one from the official repository, can smuggle in content that is unverified but executable, leading to arbitrary command execution, data exfiltration, or system compromise.
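To make the parsing differential concrete, here is an added Go example written for this article; it is not Nuclei's code and not Wiz's proof of concept. It models the pre-fix verification flow (the first digest line is read as the signature, every regex-matched digest line is stripped before hashing) next to a stand-in for the YAML scanner's line-break rules, then shows a forged template passing the vulnerable check while the injected line is still visible to the YAML view. The ECDSA-P256 signing scheme, the canonicalBody trimming, the yamlView line splitter, the verifyHardened mitigation and the runDemo/DemoResult names are this editor's assumptions for the demonstration, not ProjectDiscovery's implementation or patch; the sample template and the injected payload are constructed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// Same shape as the pre-3.3.2 digest regex. In Go's RE2 syntax "." matches "\r" (only "\n"
// is excluded) and with (?m) "^"/"$" only honour "\n"; a YAML scanner treats "\r" as a line break.
var reDigest = regexp.MustCompile(`(?m)^#\sdigest:\s.+$`)
var crlf = strings.NewReplacer("\r\n", "\n", "\r", "\n") // CR, LF and CRLF all become LF
const digestPrefix = "# digest: "

// canonicalBody is the signed material in this model (editor's assumption):
// every regex-matched digest line removed, trailing line breaks trimmed.
func canonicalBody(tmpl []byte) []byte {
	return bytes.TrimRight(reDigest.ReplaceAll(tmpl, nil), "\r\n")
}

// signTemplate appends a "# digest:" line holding an ECDSA-P256 signature over
// canonicalBody(content); content must end in "\n" and carry no digest line.
func signTemplate(priv *ecdsa.PrivateKey, content []byte) ([]byte, error) {
	sum := sha256.Sum256(canonicalBody(content))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, sum[:])
	if err != nil {
		return nil, err
	}
	return append(append([]byte{}, content...), digestPrefix+hex.EncodeToString(sig)...), nil
}

// verifyVulnerable models the pre-fix flow: the FIRST digest line supplies the
// signature, then every digest line is stripped before hashing, so text hidden
// after "\r" on a second digest line is never covered by the hash.
func verifyVulnerable(pub *ecdsa.PublicKey, tmpl []byte) bool {
	line := reDigest.Find(tmpl)
	if line == nil {
		return false
	}
	sig, err := hex.DecodeString(string(bytes.TrimSpace(bytes.TrimPrefix(line, []byte(digestPrefix)))))
	if err != nil {
		return false
	}
	sum := sha256.Sum256(canonicalBody(tmpl))
	return ecdsa.VerifyASN1(pub, sum[:], sig)
}

// verifyHardened is this editor's mitigation, not ProjectDiscovery's patch: normalise
// line endings before the regex runs and refuse templates with more than one digest line.
func verifyHardened(pub *ecdsa.PublicKey, tmpl []byte) bool {
	norm := []byte(crlf.Replace(string(tmpl)))
	if len(reDigest.FindAll(norm, -1)) != 1 {
		return false
	}
	return verifyVulnerable(pub, norm)
}

// yamlView stands in for the YAML scanner's line handling (CR, LF and CRLF are line
// breaks; full-line "#" comments are skipped). It is not a YAML parser.
func yamlView(tmpl []byte) []string {
	var out []string
	for _, l := range strings.Split(crlf.Replace(string(tmpl)), "\n") {
		if l != "" && !strings.HasPrefix(l, "#") {
			out = append(out, l)
		}
	}
	return out
}

// forgeTemplate appends a second digest "line" whose text after "\r" is the
// attacker's YAML: one line to the regex, two lines to the YAML scanner.
func forgeTemplate(signed []byte, payload string) []byte {
	return append(append([]byte{}, signed...), "\n"+digestPrefix+"x\r"+payload...)
}

// DemoResult: does each verifier accept, and does the YAML view see the payload?
type DemoResult struct{ BenignVulnerable, ForgedVulnerable, BenignHardened, ForgedHardened, PayloadParsed bool }

func runDemo() (DemoResult, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return DemoResult{}, err
	}
	// Constructed sample template, not one from the official repository.
	signed, err := signTemplate(priv, []byte("id: harmless-check\ninfo:\n  name: harmless-check\n"))
	if err != nil {
		return DemoResult{}, err
	}
	const payload = "payload: injected-by-attacker"
	forged, parsed := forgeTemplate(signed, payload), false
	for _, l := range yamlView(forged) {
		parsed = parsed || l == payload
	}
	pub := &priv.PublicKey
	return DemoResult{verifyVulnerable(pub, signed), verifyVulnerable(pub, forged),
		verifyHardened(pub, signed), verifyHardened(pub, forged), parsed}, nil
}

func main() {
	fmt.Println(runDemo()) // expect {true true true false true} <nil>
}
```

The forged template is accepted by the pre-fix verifier because ReplaceAll removes the whole "# digest: x\rpayload: ..." span before hashing, so the hash matches the genuine signature, while the line-break normalisation in verifyHardened turns that span into two lines and the second digest line is rejected. The same normalisation is why a real fix has to be applied before the regex runs, not after.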
ProjectDiscovery addressed the vulnerability on September 4, 2024, with version 3.3.2. The current release is 3.3.7, which includes that fix, so only installations still running a version from 3.0.0 through 3.3.1 remain exposed.
To mitigate this risk, organizations should confirm which version they are running (nuclei -version) and update any installation older than 3.3.2 to the latest release. Until that is done, templates obtained from anywhere other than the official repository should be treated as unsigned, because the signature check on an affected version cannot be relied on to reject a tampered one. Updating prevents attackers from exploiting this vulnerability to execute malicious code on the host operating system.
The discovery highlights the importance of keeping security tooling itself up to date and of being vigilant about what a security testing workflow ingests: a scanner that runs community templates is only as trustworthy as its template verification. It also serves as a reminder that even tools built to find weaknesses can carry hidden weaknesses of their own.
In conclusion, the Nuclei vulnerability exposed by Wiz is a critical reminder for organizations to prioritize their cybersecurity posture. By staying informed about emerging vulnerabilities and taking proactive steps to address them, organizations can help protect themselves against potential attacks and ensure the integrity of their systems.
Related Information:
https://thehackernews.com/2025/01/researchers-uncover-nuclei.html
https://www.wiz.io/blog/nuclei-signature-verification-bypass
https://nvd.nist.gov/vuln/detail/CVE-2024-43405
https://www.cvedetails.com/cve/CVE-2024-43405/
Published: Sat Jan 4 09:56:47 2025 by llama3.2 3B Q4_K_M