CVE-2019-12124

9.1 CRITICAL

📋 TL;DR

This vulnerability in ONAP APPC exposes an unprotected Jolokia interface, allowing unauthenticated attackers to read or overwrite arbitrary files. All APPC setups before the Dublin release are affected, potentially compromising sensitive data and system integrity.

💻 Affected Systems

Products:
  • ONAP APPC
Versions: All versions before Dublin release
Operating Systems: Any OS running ONAP APPC
Default Config Vulnerable: ⚠️ Yes
Notes: All APPC setups are affected according to description.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through arbitrary file overwrite leading to remote code execution, data theft, or service disruption.

🟠 Likely Case

Unauthenticated attackers reading sensitive configuration files, credentials, or overwriting critical files to disrupt services.

🟢 If Mitigated

Limited impact if interface is properly secured or network access is restricted.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation possible if exposed to internet.
🏢 Internal Only: HIGH - Even internal attackers can exploit without authentication.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation only requires network access to the exposed Jolokia interface, which is straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Dublin release or later

Vendor Advisory: https://jira.onap.org/browse/OJSI-63

Restart Required: Yes

Instructions:

1. Upgrade ONAP APPC to Dublin release or later.
2. Verify Jolokia interface is properly secured.
3. Restart APPC services.

🔧 Temporary Workarounds

Restrict Jolokia Interface Access

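Platform: Linux

Configure firewall rules to restrict access to the Jolokia interface port. Use the command for whichever firewall front end manages the host; with iptables, -A appends the rule, so it only takes effect if no earlier rule in the INPUT chain already accepts the traffic.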

iptables -A INPUT -p tcp --dport 8778 -j DROP
ufw deny 8778/tcp

Disable Jolokia Interface

Platform: All

Disable the exposed Jolokia interface in APPC configuration

Edit APPC configuration to set jolokia.enabled=false

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate APPC systems
  • Deploy web application firewall with rules to block Jolokia interface access

🔍 How to Verify

Check if Vulnerable:

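Check whether the Jolokia interface is accessible on the default port 8778 without authentication: curl http://<appc_host>:8778/jolokia
An HTTP 200 response returned without supplying credentials means the interface is exposed.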

Check Version:

Check ONAP version documentation or APPC component version

Verify Fix Applied:

Verify that the Jolokia interface requires authentication or is inaccessible: curl http://<appc_host>:8778/jolokia should return 401/403 or fail with connection refused

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to /jolokia endpoints
  • File read/write operations from unexpected sources

Network Indicators:

  • Unusual traffic to port 8778 from external sources
  • Multiple file access attempts via Jolokia

SIEM Query:

destination_port=8778 AND (http_uri CONTAINS '/jolokia' OR http_user_agent CONTAINS 'Jolokia')
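
The log indicators above, applied to HTTP access logs. This is an added example, not code from this advisory or from ONAP. It assumes a Combined Log Format access log from a reverse proxy or servlet container in front of the Jolokia listener; the function name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: src ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# "jolokia" as a whole path segment, so a context path prefix still matches.
JOLOKIA_RE = re.compile(r'(?:^|/)jolokia(?:/|$)', re.IGNORECASE)

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jun/2019:10:01:02 +0000] "GET /jolokia/version HTTP/1.1" 200 412 "-" "curl/7.58.0"
198.51.100.7 - - [12/Jun/2019:10:01:05 +0000] "POST /jolokia HTTP/1.1" 200 1830 "-" "python-requests/2.21"
10.0.0.5 - appc-admin [12/Jun/2019:10:02:00 +0000] "GET /jolokia/read/java.lang:type=Memory/HeapMemoryUsage HTTP/1.1" 200 250 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Jun/2019:10:03:10 +0000] "GET /jolokia HTTP/1.1" 401 0 "-" "curl/7.58.0"
203.0.113.9 - - [12/Jun/2019:10:03:11 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "curl/7.58.0"
not a log line
"""

def classify_jolokia_requests(log_text):
    """Split anonymous requests to Jolokia endpoints into two buckets per source:
    'served' (2xx, the exposed condition) and 'denied' (401/403, probing of a
    protected endpoint). Authenticated requests and other paths are ignored."""
    served, denied = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-access-log line
        path = m["path"].split("?", 1)[0]
        if not JOLOKIA_RE.search(path) or m["user"] != "-":
            continue
        entry = (m["ts"], m["method"], m["path"])
        if m["status"].startswith("2"):
            served[m["src"]].append(entry)
        elif m["status"] in ("401", "403"):
            denied[m["src"]].append(entry)
    return dict(served), dict(denied)

if __name__ == "__main__":
    served, denied = classify_jolokia_requests(SAMPLE_LOG)
    for src, reqs in served.items():
        print(f"EXPOSED  {src}: {len(reqs)} anonymous request(s) answered")
    for src, reqs in denied.items():
        print(f"PROBING  {src}: {len(reqs)} anonymous request(s) rejected")
```

Any source in the served bucket means the endpoint answered without authentication and the host should be treated as still exposed; entries in the denied bucket after the fix show continued probing.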
