CVE-2024-4326
Published: 16 May 2024
Summary
CVE-2024-4326 is a critical-severity External Control of System or Configuration Setting (CWE-15) vulnerability in Lollms Lollms Web Ui. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Supply Chain and Deployment risk domain; MITRE ATLAS techniques in scope: AML.T0040.000, AML.T0053.000, Infer Training Data Membership (AML.T0024.000).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-43968
Vulnerability details
A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execute_code` endpoints. Attackers can bypass protections by setting the host to localhost, enabling code execution,…
more
and disabling code validation through the `/apply_settings` endpoint. Subsequently, arbitrary commands can be executed remotely via the `/execute_code` endpoint, exploiting the delay in settings enforcement. This issue was addressed in version 9.5.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- parisneo/lollms-webui is a web interface for Lord of Large Language Models (LollMS), providing a platform for interacting with LLMs, aligning with Enterprise AI Assistants as it enables user-facing AI model deployment and usage.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables remote code execution by exploiting unprotected web endpoints (/apply_settings and /execute_code) in a public-facing web application, bypassing protections to disable validation and run arbitrary commands, mapping to T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
The policy and procedures establish internal controls and change management for system configuration settings, reducing the feasibility of external unauthorized modifications.
Baseline configuration under change control directly prevents unauthorized external modification of system or configuration settings.
Requires approval, documentation, and security impact review of all configuration changes, directly preventing unauthorized external control of system settings.
Impact analysis of configuration changes reduces the risk of deploying settings that permit unauthorized external control.
Restricting changes to system and configuration settings prevents external entities from controlling those settings without approval.
Establishing, implementing, approving deviations from, and monitoring configuration settings directly prevents external or unauthorized control of system settings.
The plan defines processes for identifying and managing configuration items, preventing external unauthorized control of system settings.
Vulnerability scanners directly detect externally controllable or misconfigured settings using standardized checklists.