CVE-2024-10173

7.3 HIGH

📋 TL;DR

This vulnerability allows attackers to bypass authentication in didi DDMQ 1.0's Console Module by manipulating the /;login endpoint. Remote attackers can potentially gain unauthorized access to administrative functions. All systems running DDMQ 1.0 with the Console Module exposed are affected.

💻 Affected Systems

Products:
  • didi DDMQ
Versions: 1.0 (rolling release model, all versions prior to fix)
Operating Systems: All platforms running DDMQ
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Console Module component specifically. The rolling release model means specific version numbers for affected/fixed releases are not available.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to access, modify, or delete message queues, configuration data, and potentially execute arbitrary code on the underlying system.

🟠 Likely Case

Unauthorized access to administrative console leading to message queue manipulation, data exposure, and potential service disruption.

🟢 If Mitigated

Limited impact with proper network segmentation and authentication controls in place, potentially only exposing non-sensitive configuration data.

🌐 Internet-Facing: HIGH - Attack can be launched remotely and exploit is publicly available, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires some level of network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit has been publicly disclosed on GitHub and requires minimal technical skill to execute. The vulnerability involves simple URL manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Monitor the DDMQ GitHub repository for updates and apply any security patches when released.

🔧 Temporary Workarounds

Network Access Restriction

Platform: linux

Restrict network access to the Console Module using firewall rules or network segmentation

iptables -A INPUT -p tcp --dport [CONSOLE_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [CONSOLE_PORT] -j DROP

Reverse Proxy Authentication

Platform: all

Place the Console Module behind a reverse proxy with an additional authentication layer

🧯 If You Can't Patch

  • Isolate the DDMQ Console Module to internal network segments only
  • Implement Web Application Firewall (WAF) rules to block requests containing /;login patterns

🔍 How to Verify

Check if Vulnerable:

Attempt to access the Console Module login endpoint with /;login appended to the URL and check if authentication is bypassed

Check Version:

Check DDMQ documentation or configuration files for version information (specific command unavailable)

Verify Fix Applied:

Repeat the same authentication bypass attempt after implementing workarounds to confirm that it is blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts
  • Access to /;login endpoints
  • Successful logins from unexpected IP addresses

Network Indicators:

  • HTTP requests containing /;login in URL path
  • Unauthorized access to console port

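SIEM Query (generic pseudo-query; the field names, including src_ip, are placeholders to map to your SIEM's schema):

source="ddmq_logs" AND (url_path="*/;login*" OR (auth_result="success" AND NOT src_ip IN [TRUSTED_NETWORK]))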
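
The log and network indicators above, as an added example (not code from this page or from the DDMQ project): a scan of access-log lines for /;login in the request path. It assumes combined-format access logs from a reverse proxy in front of the console; the sample lines and paths are constructed. It goes beyond the literal pattern by also flagging percent-encoded forms as a precaution, since the page does not say whether those trigger the bypass.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in combined log format (not real traffic;
# every path after the /;login marker is made up for the example).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Nov/2024:10:00:01 +0000] "GET /;login/example HTTP/1.1" 200 512
10.0.0.5 - - [01/Nov/2024:10:00:02 +0000] "GET /login HTTP/1.1" 200 1043
198.51.100.7 - - [01/Nov/2024:10:00:03 +0000] "POST /console/%3Blogin/x HTTP/1.1" 200 77
10.0.0.5 - - [01/Nov/2024:10:00:04 +0000] "GET /static/app.js?next=/;login HTTP/1.1" 200 9001
203.0.113.9 - - [01/Nov/2024:10:00:05 +0000] "GET /;login HTTP/1.1" 403 0
"""

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def decoded_path(target):
    """Return the path component only, percent-decoded twice so that
    %3Blogin and %253Blogin are seen as ;login."""
    path = urlsplit(target).path
    for _ in range(2):
        path = unquote(path)
    return path


def scan(log_text):
    """Return (client_ip, raw_target, outcome) for each request whose path
    contains /;login. outcome is 'served' when the status is below 400,
    which is the case to triage first, and 'blocked' otherwise."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        ip, _method, target, status = m.groups()
        if "/;login" in decoded_path(target).lower():
            outcome = "served" if int(status) < 400 else "blocked"
            hits.append((ip, target, outcome))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Once the firewall, proxy, or WAF workaround is in place, any remaining hits should all show as blocked. A served hit means the request still reached the console.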
