CVE-2024-10072 – This critical SQL injection vulnerability in ES... (How to Fix)

Q: What is the severity of CVE-2024-10072?

CVE-2024-10072 has a CVSS score of 6.3 (MEDIUM). This critical SQL injection vulnerability in ESAFENET CDG 5 allows remote attackers to execute arbitrary SQL commands by manipulating the 'checklist' parameter in the actionAddEncryptPolicyGroup function. Organizations using ESAFENET CDG 5 are affected, particularly those with internet-facing instances. The vulnerability could lead to data theft, system compromise, or complete database takeover.

📋 TL;DR

This critical SQL injection vulnerability in ESAFENET CDG 5 allows remote attackers to execute arbitrary SQL commands by manipulating the 'checklist' parameter in the actionAddEncryptPolicyGroup function. Organizations using ESAFENET CDG 5 are affected, particularly those with internet-facing instances. The vulnerability could lead to data theft, system compromise, or complete database takeover.

💻 Affected Systems

Products:

ESAFENET CDG 5

Versions: All versions of ESAFENET CDG 5 (specific version range not specified in disclosure)

Operating Systems: Any OS running ESAFENET CDG 5

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the default configuration of ESAFENET CDG 5. All deployments using the affected software version are vulnerable.

📦 What is this software?

Cdg by Esafenet

View all CVEs affecting Cdg →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data exfiltration, privilege escalation, and potential lateral movement to other systems.

🟠

Likely Case

Unauthorized data access, modification, or deletion of sensitive information in the database.

🟢

If Mitigated

Limited impact if proper input validation and parameterized queries are implemented.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details have been publicly disclosed, making weaponization likely. The vulnerability requires remote access but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor has not responded to disclosure. Consider workarounds or alternative solutions.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

all

Implement WAF rules to block SQL injection patterns targeting the /com/esafenet/servlet/policy/EncryptPolicyService.java endpoint

Network Segmentation

all

Restrict network access to ESAFENET CDG 5 instances to only trusted IP addresses

🧯 If You Can't Patch

Isolate the affected system from the internet and restrict internal network access
Implement strict input validation and parameterized queries at the application layer if source code access is available

🔍 How to Verify

Check if Vulnerable:

Check if ESAFENET CDG 5 is installed and review application logs for SQL injection attempts against the EncryptPolicyService endpoint

Check Version:

Check application documentation or configuration files for ESAFENET CDG 5 version information

Verify Fix Applied:

Test the vulnerable endpoint with SQL injection payloads to confirm they are properly blocked or sanitized

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in application logs
Multiple failed login attempts or parameter manipulation in EncryptPolicyService logs
SQL syntax errors in application error logs

Network Indicators:

Unusual database connection patterns from application servers
SQL injection patterns in HTTP requests to /com/esafenet/servlet/policy/EncryptPolicyService.java

SIEM Query:

source="application_logs" AND ("EncryptPolicyService" OR "actionAddEncryptPolicyGroup") AND (sql OR injection OR "UNION SELECT" OR "OR 1=1")

📊 Metadata

CVE ID: CVE-2024-10072

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-89

Published: October 17, 2024

Last Updated: October 22, 2024

🔗 References

https://flowus.cn/share/dd690c21-bb5c-4db4-a737-afb2cf54c8e1?code=G8A6P3 Exploit,Third Party Advisory
https://vuldb.com/?ctiid.280721 Permissions Required
https://vuldb.com/?id.280721 Permissions Required
https://vuldb.com/?submit.420914 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-10072, you might also want to check these: