Cyber Resilience

CVE-2024-6107

Critical · Public PoC

Published: 21 July 2025
Modified: 27 August 2025
KEV Added: not listed
Patch: available
CVSS Score v3.1: 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H)
EPSS Score: 0.0028 (52.1st percentile)
Risk Priority: 19 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-6107 is a critical-severity Improper Authentication (CWE-287) vulnerability in Canonical Metal As A Service. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks in the top 47.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-3 (Device Identification and Authentication).

Deeper analysis

CVE-2024-6107 is a critical authentication bypass vulnerability (CWE-287) in MAAS (Metal-as-a-Service), stemming from insufficient verification of clients. It allows a malicious client to evade authentication checks and execute RPC commands within a region. The issue carries a CVSS v3.1 base score of 9.6 (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H), indicating high severity due to its potential for significant confidentiality and availability impacts alongside a scope change.

An adjacent network attacker (AV:A) with no privileges (PR:N) can exploit this vulnerability with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation enables the attacker to run arbitrary RPC commands in a MAAS region, potentially leading to high confidentiality loss (C:H), high availability disruption (A:H), and low integrity compromise (I:L).

The vulnerability has been addressed in updated versions of MAAS and the corresponding snaps. Additional details are available in the Launchpad bug report at https://bugs.launchpad.net/maas/+bug/2069094.


Vulnerability details

Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps.

CWE(s)

CWE-287 Improper Authentication

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Authentication bypass (CWE-287) directly enables exploitation of the MAAS region RPC service by an unauthenticated adjacent-network attacker to execute arbitrary commands.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-24241 (shared CWE-287)
CVE-2026-21633 (shared CWE-287)
CVE-2025-56752 (shared CWE-287)
CVE-2025-15480 (same vendor: Canonical)
CVE-2026-34179 (same vendor: Canonical)
CVE-2026-5412 (same vendor: Canonical)
CVE-2026-4370 (same vendor: Canonical)
CVE-2025-14551 (same vendor: Canonical)
CVE-2026-49238 (same vendor: Canonical)
CVE-2025-53513 (same vendor: Canonical)

Affected Assets

Vendor: Canonical
Product: Metal As A Service (MAAS)
Affected versions: 3.5.0 · 3.1.0 to 3.1.4 · 3.2.0 to 3.2.11 · 3.3.0 to 3.3.8

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

AC-3 Access Enforcement (prevent)

Enforces approved authorizations and authentication checks to prevent malicious clients from bypassing verification and executing unauthorized RPC commands.

IA-3 Device Identification and Authentication (prevent)

Requires identification and authentication of clients or devices prior to allowing RPC command execution, directly countering the insufficient client verification.

Flaw remediation (prevent)

Mandates timely remediation of flaws like this authentication bypass through software updates, as addressed in the MAAS patches.
