CVE-2024-9050

Nov. 12, 2024, 9:15 p.m.

7.8
High

Description

A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration.

Product(s) Impacted

Product Versions
NetworkManager-libreswan

Weaknesses

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

https://access.redhat.com/errata/RHSA-2024:8312
https://access.redhat.com/errata/RHSA-2024:8338
https://access.redhat.com/errata/RHSA-2024:8352
https://access.redhat.com/errata/RHSA-2024:8353
https://access.redhat.com/errata/RHSA-2024:8354
https://access.redhat.com/errata/RHSA-2024:8355
https://access.redhat.com/errata/RHSA-2024:8356
https://access.redhat.com/errata/RHSA-2024:8357
https://access.redhat.com/errata/RHSA-2024:8358
https://access.redhat.com/security/cve/CVE-2024-9050
https://bugzilla.redhat.com/show_bug.cgi?id=2313828

Tags

secalert@redhat.com
CWE-94
2024-10-22
CVE-2024-9050

CVSS Score

7.8 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Date

  • Published: Oct. 22, 2024, 1:15 p.m.
  • Last Modified: Nov. 12, 2024, 9:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.