Shadow Ray Vulnerability Allows for RCE

Ray, one of the most popular open source AI frameworks, contains a severe vulnerability, with hundreds of exploitation cases known at the moment. The research of Oligo Security uncovers the peculiar story of CVE-2023-48022: it was originally detected together with four others back in December 2023. While Anyscale, the developer, managed to fix the rest pretty quickly, one became a subject of discussions. The devs stated it is an intended behavior and not a bug, refusing to fix the issue.

CVE-2023-48022, coined ShadowRay, is a remote code execution flaw that stems from lack of authorization in Jobs API. The latter in fact allows anyone to create jobs for the cluster after accessing the dashboard. Among the possible jobs is code execution – a function the users need quite often in the typical workflow. This in fact was the point of controversy when another research team discovered the flaw in 2023. Anyscale insists that security around the framework and all its assets should be established by the users.

Remote code execution vulnerabilities are one of the most severe out there, as they in fact allow for simultaneous code execution on several machines. In this specific case, it is not workstations that are in danger, but ML clusters, with all the computing power and data they have.

How Critical is This Flaw?

As I said, the Ray framework is among the most popular ones for handling AI workloads. Among its users are loud names like Amazon, Netflix, Uber, Spotify, LinkedIn and OpenAI, though there are hundreds and thousands of smaller companies. Their GitHub repository boasts of over 30k stars, meaning that the total user count definitely exceeds this number. So yes, the attack surface is pretty significant.

Much worse things surface when we think about what exactly is compromised. When compared to workstations, corporate networks and servers, machine learning clusters are completely different. They are powerhouse systems, with ML workloads oriented hardware and related data, like access tokens, credentials to the connected apps, and so on. Numerous system that keep such info are interconnected using Ray framework. So a successful exploitation of ShadowRay effectively equals accessing the entirety of all this.

Despite being oriented towards AI workloads, hardware, more specifically GPUs, are still usable for other workloads. In particular, upon accessing the ML cluster, frauds can deploy coin miner malware that would fill their purses at the expense of the victim company. But what is more concerning here is the possibility of dataset leak. Quite a few companies learn their AIs using their own unique developments, or the selection of carefully picked data. Leaking corporate secrets may be critical for large companies, and fatal for smaller ones.

ShadowRay Vulnerability Exploited in the Wild

The most unfortunate part about the ShadowRay flaw is that it is already exploited in real-world attacks. Moreover, hackers most likely exploited it way before its discovery. The original research says the first exploitation cases happened back in September 2023. However, they did not stop, as there were also attacks that happened less than a month ago – in late February 2024.

Among the visible consequences of the attack were malicious coin miners that exploited the powerful hardware of hacked clusters. Hackers particularly deployed XMRig, NBMiner and Zephyr malicious miners. All of them were running off the land, meaning that static analysis was practically useless against this malware.

Less obvious, but potentially more critical was the leak of data kept on the clusters. I am talking not only about the datasets, but also workflow related information, like passwords, credentials, access tokens, and even cloud environments access. From this point of view, this is rather similar to compromising a server that handles the workflow of a software developing team.

ShadowRay Fixes Are Not Available

As I’ve mentioned above, Anyscale does not agree with the definition of absent input authentication in Jobs API as vulnerability. They believe that the user should take care about the security of the Ray framework. And I somewhat agree with this, with only one caveat: the need for a visible warning about such a “feature” during the setup. When it comes to the scale of OpenAI or Netflix, such shortcomings are inacceptable.

At the moment, the best mitigation is to filter the access to the dashboard. A properly configured firewall will fit well for this purpose. Experts also offer to set up the authentication to the Ray Dashboard port (8265), effectively fixing the vulnerability.

Use advanced security solutions that will be able to detect memory threats as well as malware on the disk. In almost all attack cases, adversaries did not leave any files on the disk, performing the attack in the LOTL form. EDR/XDR solutions may look costly, but recovering after the hack of all company’s assets costs more, both in monetary and reputational terms.

The post ShadowRay Vulnerability Threatens AI Workloads, No Patch Available appeared first on Gridinsoft Blog.

What is a Shim Bootloader?

Shim serves as a small, open-source bootloader, crucial for facilitating the Secure Boot process on computers leveraging the Unified Extensible Firmware Interface (UEFI). It is signed with a Microsoft key, which is widely accepted by UEFI motherboards to verify the boot process’s integrity.

The vulnerability, discovered by Microsoft’s Bill Demirkapi, is found in Shim’s handling of HTTP boot operations. It allows for out-of-bounds write operations through manipulated HTTP responses.

Shim RCE Vulnerability Uncovered

The exploitation of CVE-2023-40547 (CVSS score: 9.8) involves creating specially crafted HTTP requests that lead to an out-of-bounds write. This flaw can be exploited in various ways, including remote code execution, network-adjacent, and local attacks. For instance, a remote attacker could intercept HTTP boot traffic through a Man-in-the-Middle attack. Meanwhile, a local attacker could modify EFI variables or use a live Linux USB. These actions could alter the boot process and allow the execution of privileged code.

The ability to execute code before the operating system loads presents a significant threat. It allows attackers to deploy stealthy bootkits that can undermine the security of the compromised system. This level of access grants attackers the ability to bypass traditional security controls and maintain persistent, undetected presence on the affected system.

Red Hat Fixes Shim RCE Flaw

In response to this vulnerability, RedHat issued a fix on December 5, 2023. Users of Shim, including major Linux distributions like Red Hat, Debian, Ubuntu, and SUSE, are urged to update to the latest version of Shim (v15.8), which addresses CVE-2023-40547 and other vulnerabilities. Additionally, users must update the UEFI Secure Boot DBX (revocation list). This update is necessary to prevent the execution of vulnerable Shim versions. It also ensures that the patched version is signed with a valid Microsoft key.

Linux becomes a more and more viable target for different malware families. Sure, it has been predominant in APT attacks for quite some time, as it is a backbone of server infrastructure. Though, an increased number of Linux malware in the form of ransomware, spyware and rootkits appear over the last few years, which is a rather worrying trend. The vulnerability like the one I’ve described above is nothing to mess around with – it may and will be exploited, sooner or later.

The post Shim Bootloader Vulnerability Affects Linux Systems appeared first on Gridinsoft Blog.

Sierra AirLink Routers Have 21 Vulnerabilities

As Forescout Vedere researchers describe in their research, the AirLink lineup of devices contains 21 software vulnerabilities. Among them, only one issue got the CVSS score over 9, which is considered critical. RCE vulnerabilities and a couple of ones that may allow for unauthorized access are rated 8.1 to 8.8. Several other noteworthy issues, particularly ones that cause Denial of Service, are rated at CVSS 7.5.

Researchers did a detailed description of the potential exploitation cases for two of the most critical vulnerabilities. For CVE-2023-41101, a hacker can take over the router by overflowing the buffer in OpenNDS captive portal. Using the lack of length limitation in GET requests, it is possible to make the router execute arbitrary code. By controlling the router, adversaries can disrupt the operations related to the mentioned interface.

#2 in the list, CVE-2023-40463, requires an attacker to possess a router similar to the one it tries to attack. By digging through the device’s software elements and applying some hash cracking magic, it is possible to obtain the diagnostic shell password. Further, using a bit of social engineering, adversaries may connect to the actual router and enter its diagnostic interface using the password they’ve obtained earlier. With such access, it is possible to inject malware to the router, force it to malfunction, or execute your commands remotely.

Available Mitigations

Despite such a worrying amount of exploits, all of them allegedly receive a fix in the latest version of the firmware for AirLink devices. ALEOS 4.17.0 should address all the flaws, and, if some incompatibilities are in the way, customers may stick to version 4.9.9. The latter is not vulnerable to named vulnerabilities except for ones that touch OpenNDS captive portals.

Researchers who found all the issues also offer their own mitigation for the vulnerabilities that allow delaying the patch installation. Though, as it usually happens to all the stopgap solutions, they are not ideal and do not guarantee the effect.

1. Disable unused captive portals and related services, or put them under restricted access. This reduces the attack surface for vulnerabilities that target OpenNDS.
2. Use a web app firewall to filter the requests and block the packets of a suspicious source. This mitigation works against XSS and DoS vulnerabilities.
3. Change the default SSL certificates. Forescout recommends doing this to all the routers, not only to Sierra Wireless ones.
4. Implement an intrusion detection system that monitors IoT/OT devices as well. This allows for controlling both connections from outside the network and ones within it.

What are Sierra AirLink Routers?

Have you ever wondered, how does the Wi-Fi in a public transport function? Or how all the machinery in a huge workshop is connected and centrally managed even though it is not static? Well, Sierra’s devices are the answer. Their routers are industrial-grade wireless connectivity devices that are used in dozens of industries – starting from public transportation and all the way up to aerospace & defense.

What is particularly concerning for this story is the extensive use of AirLink routers in critical infrastructure. Factories, transportation – they are important, though not as continuously demanded as water treatment, emergency services and energy management. And since IoT more and more often attracts hackers’ attention, the actions should be taken immediately. Considering the extensive use of vulnerable AirLink devices in the US, it may be the perfect Achilles’ heel for cyberattacks that target critical infrastructure and even government.

The post Sierra AirLink Vulnerabilities Expose Critical Infrastructure appeared first on Gridinsoft Blog.

Cisco will not patch the zero-day CVE-2022-20825 vulnerability on end-of-life devices. The affected devices are Small Business RV routers (mobile routers for recreational vehicles and boats.) The specific vulnerable models are RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router.

In its advisory, Cisco suggests users switch to newer models that receive all technical support and updates. For those who keep using the good old stuff, the manufacturer shows how to switch off the device remote control since the vulnerability only exists on routers with the remote management interface turned on (not a default config.) Going to Basic Settings => Remote Management and clearing the relevant tick box will be enough to secure the device, although it will lower its convenience level.

It’s no wonder the severity of vulnerability in question is rated 9.8x out of 10. It allows hackers to execute commands remotely bestowed with root privileges after sending a specially tailored request to the device. The lack of user input validation of the HTTP packets puts the four named router models in serious jeopardy