Cyber Resilience

CVE-2024-28224

Medium

Published: 08 April 2024

Published
08 April 2024
Modified
13 May 2025
KEV Added
Patch
CVSS Score v3.1 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
EPSS Score 0.0019 41.0th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-28224 is a medium-severity Origin Validation Error (CWE-346) vulnerability in Ollama Ollama. Its CVSS base score is 6.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004); ranked at the 41.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as APIs and Models; in the Protocol-Specific Risks risk domain; MITRE ATLAS techniques in scope: AML.T0040.000, Direct (AML.T0051.000), Financial Harm (AML.T0048.000).

EU & UK References

Vulnerability details

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).

CWE(s)

AI Security AnalysisAI

AI Category
APIs and Models
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Ollama provides a REST API for running and interacting with large language models locally, and the vulnerability exposes this API via DNS rebinding.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1499.003 Application Exhaustion Flood Impact
Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications.
Why these techniques?

DNS rebinding vulnerability (CVE-2024-28224) enables remote unauthorized API access to Ollama, facilitating remote service exploitation (T1210), model file deletion (T1070.004), and resource exhaustion DoS via LLM inference (T1499.003).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0040.000AML.T0051.000: DirectAML.T0048.000: Financial Harm

Affected Assets

ollama
ollama
≤ 0.1.29

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-346

Requires unique identification of the service before communications, addressing failures to validate the origin of the interaction.

addresses: CWE-346

Trusted path establishment enforces validation that the communication originates from and reaches only the intended trusted system components.

addresses: CWE-346

Enforces validation of the true origin of DNS responses via signatures and chain-of-trust mechanisms.

addresses: CWE-346

Enforces origin validation of name/address data, eliminating reliance on unverified or impersonated DNS sources.

addresses: CWE-346

Mandates origin validation so that only legitimate endpoints can continue the authenticated session.

References