CVE-2024-23333
Published: 18 March 2024
Summary
CVE-2024-23333 is a high-severity Injection (CWE-74) vulnerability in LDAP Account Manager (vendor: Ldap-Account-Manager). Its CVSS base score is 7.9 (High).
Operationally, it ranks in the top 9.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
LDAP Account Manager (LAM) is a web frontend for managing LDAP directory entries. Prior to version 8.7, its log configuration feature permitted specification of arbitrary file paths. An attacker able to reach the configuration settings could therefore direct LAM to write PHP code into a file placed under a web-accessible directory, resulting in remote code execution when that file was subsequently requested.
Exploitation requires knowledge of LAM’s master configuration password and the existence of a web-server-writable directory reachable over HTTP; LAM itself does not ship any such directory. Successful exploitation yields arbitrary PHP execution on the server with the privileges of the web-server process.
The vulnerability was corrected in release 8.7. The project advisory recommends restricting access to LAM’s configuration pages to authorized administrators as a workaround and notes that the two prerequisite conditions significantly limit practical attack surface.
The associated EPSS score has remained flat at 0.0576 since disclosure, indicating no observable increase in exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-20845
Vulnerability details
LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and causing LAM to log some PHP code to this file. When the file is then accessed via the web, the code would be executed. The issue is mitigated by the following: an attacker needs to know LAM's master configuration password to be able to change the main settings, and the web server needs write access to a directory that is accessible via the web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.
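The root cause in both descriptions above is a configuration setting that accepts any file path for the log destination. The following is an added example, not code from the LAM project, showing a permissive check in the spirit of the pre-8.7 behaviour next to a hardened one that confines the log file to an allowlisted directory, keeps it out of web-served trees, and refuses server-executed extensions. The directory names, the extension list and the sample settings are assumptions constructed for illustration; PHP 8.0 or later is assumed for str_contains() and str_starts_with().

```php
<?php
// Added example, not LAM's own code: validate an administrator-supplied log
// file path so it cannot be pointed at a web-served directory.
// Directory names and the extension list below are assumptions.
declare(strict_types=1);

const ALLOWED_LOG_DIR = '/var/log/lam';            // assumed: where logs may be written
const WEB_DOC_ROOTS   = ['/var/www', '/srv/http']; // assumed: trees the web server serves
const SERVER_EXECUTED_EXTENSIONS = ['php', 'phtml', 'phar', 'php3', 'php5', 'php7', 'phps'];

/**
 * Permissive check in the spirit of the pre-8.7 behaviour: any non-empty
 * string is accepted, so the log can be aimed at a web-accessible file.
 */
function permissiveLogPathCheck(string $path): bool
{
    return $path !== '';
}

/**
 * Lexically collapse '.', '..' and repeated slashes in an absolute path.
 * Symlinks are not followed; production code should additionally confirm the
 * parent directory with realpath() once it is known to exist.
 */
function normalizePath(string $path): string
{
    $parts = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }
    return '/' . implode('/', $parts);
}

/**
 * Hardened check: the path must be absolute, free of NUL bytes, resolve to a
 * file strictly below ALLOWED_LOG_DIR, stay outside every web document root,
 * and not carry an extension the web server would hand to the PHP interpreter.
 */
function hardenedLogPathCheck(string $path): bool
{
    if ($path === '' || str_contains($path, "\0") || $path[0] !== '/') {
        return false;
    }
    $resolved = normalizePath($path);

    if (!str_starts_with($resolved, ALLOWED_LOG_DIR . '/')) {
        return false;                       // outside the allowlisted log directory
    }
    foreach (WEB_DOC_ROOTS as $root) {
        if ($resolved === $root || str_starts_with($resolved, $root . '/')) {
            return false;                   // would be reachable over HTTP
        }
    }
    // A misplaced .log file is inert; a .php file is not.
    $extension = strtolower(pathinfo($resolved, PATHINFO_EXTENSION));
    return !in_array($extension, SERVER_EXECUTED_EXTENSIONS, true);
}

// Constructed sample settings as they might be submitted on the configuration page.
$candidates = [
    '/var/log/lam/lam.log',
    '/var/log/lam/../../www/html/lam.php',  // traversal into the document root
    '/var/www/html/lam.php',
    '/var/log/lam/debug.php',               // right directory, executable extension
    'lam.log',                              // relative path
];

foreach ($candidates as $candidate) {
    printf("%-40s permissive=%s hardened=%s\n",
        $candidate,
        permissiveLogPathCheck($candidate) ? 'accept' : 'reject',
        hardenedLogPathCheck($candidate) ? 'accept' : 'reject');
}
```

The advisory's workaround (restricting the configuration pages) limits who can submit the setting; a validator of this kind limits what a submitted setting can do, so the two complement each other. Only the first candidate passes the hardened check; the permissive check accepts all five.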
Related Threats
No named threat-actor attribution yet; ATT&CK technique mapping for this CVE is in progress.
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and verifiable flaw remediation corrects them before deployment.
Monitoring for indicators of injection attacks (command, SQL, LDAP, etc.) through anomaly and attack detection.