CVE-2024-41783
Published: 19 January 2025
Summary
CVE-2024-41783 is a critical-severity Command Injection (CWE-77) vulnerability in Ibm Sterling Secure Proxy. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-41783 is a command injection vulnerability (CWE-77) in IBM Sterling Secure Proxy versions 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0. The flaw stems from improper validation of a specified type of input, enabling a privileged user to inject commands into the underlying operating system. It carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility and potential for severe impacts.
A high-privileged user (PR:H) can exploit the vulnerability remotely over the network (AV:N) with low complexity (AC:L) and without requiring user interaction (UI:N). Successful exploitation allows the attacker to achieve high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) across a changed scope (S:C), potentially resulting in arbitrary command execution on the host operating system.
IBM has published a security bulletin detailing the vulnerability and recommended mitigations at https://www.ibm.com/support/pages/node/7176189. Security practitioners should consult this advisory for patch information and remediation steps specific to affected versions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-38922
Vulnerability details
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in network-accessible IBM proxy directly enables remote exploitation of public-facing app (T1190) and arbitrary OS command execution (T1059).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the improper input validation that enables command injection by requiring validation of specified inputs before processing.
Mandates timely remediation of the specific command injection flaw in IBM Sterling Secure Proxy through patching and testing.
Enforces least privilege to limit the damage potential from high-privileged users exploiting the vulnerability.