CVE-2024-10553
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to execute arbitrary code on H2O-3 machine learning platforms by exploiting insecure deserialization in REST API endpoints. Attackers can achieve remote code execution by sending malicious JDBC URLs to the vulnerable endpoints. Organizations running version 3.46.0.4 of the H2O-3 REST API are affected.
💻 Affected Systems
- h2oai/h2o-3
📦 What is this software?
H2o by H2o
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control over the H2O-3 server, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Remote code execution allowing attackers to install backdoors, exfiltrate sensitive data, or use the compromised system for further attacks.
If Mitigated
Limited impact if proper network segmentation and authentication controls prevent external access to the vulnerable endpoints.
🎯 Exploit Status
Exploit details are publicly available in the huntr.com bounty report. Attack requires no authentication and minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.47.0
Vendor Advisory: https://github.com/h2oai/h2o-3/commit/ac1d642b4d86f10a02d75974055baf2a4b2025ac
Restart Required: Yes
Instructions:
1. Back up the current configuration and data.
2. Stop the H2O-3 service.
3. Upgrade to version 3.47.0 or later.
4. Restart the H2O-3 service.
5. Verify that the upgrade was successful.
🔧 Temporary Workarounds
Network Access Control
Block external access to the vulnerable endpoints using firewall rules or network segmentation.
iptables -A INPUT -p tcp --dport [H2O_PORT] -m string --string "POST /99/ImportSQLTable" --algo bm -j DROP
iptables -A INPUT -p tcp --dport [H2O_PORT] -m string --string "POST /3/SaveToHiveTable" --algo bm -j DROP
Authentication Enforcement
Require authentication for all REST API endpoints if it is not already configured.
Configure H2O-3 authentication via the -auth parameter at startup.
🧯 If You Can't Patch
- Disable or block access to POST /99/ImportSQLTable and POST /3/SaveToHiveTable endpoints
- Implement strict network segmentation to isolate H2O-3 from untrusted networks
🔍 How to Verify
Check if Vulnerable:
Check the H2O-3 version: if it is 3.46.0.4, the system is vulnerable. Also verify whether the vulnerable endpoints are reachable without authentication.
Check Version:
curl -X GET http://[H2O_HOST]:[PORT]/3/About | grep version
Verify Fix Applied:
Confirm version is 3.47.0 or later. Test that POST requests to /99/ImportSQLTable and /3/SaveToHiveTable with malicious JDBC URLs no longer execute arbitrary code.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /99/ImportSQLTable or /3/SaveToHiveTable
- JDBC connection attempts with unusual URLs
- Java deserialization errors in logs
Network Indicators:
- POST requests to vulnerable endpoints from unexpected sources
- Outbound connections from H2O-3 server to suspicious IPs
SIEM Query:
source="h2o.log" AND ("POST /99/ImportSQLTable" OR "POST /3/SaveToHiveTable") AND NOT user_agent="normal-client"
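As an added example (not part of this advisory or of H2O-3), a small Python detector that applies the log indicators above to constructed access-log lines: it flags POSTs to the two vulnerable endpoints from sources outside an assumed client allow-list and screens JDBC URLs against an assumed driver allow-list. The common-log-style layout, the allow-lists and the sample lines are all assumptions; H2O-3's real log format may differ.

```python
import re

# Endpoints named in this advisory for CVE-2024-10553.
VULNERABLE_ENDPOINTS = {"/99/ImportSQLTable", "/3/SaveToHiveTable"}

# Hypothetical allow-lists for one deployment: clients that legitimately run SQL
# imports, and the JDBC drivers those jobs are expected to use.
TRUSTED_CLIENTS = {"10.0.5.20"}
ALLOWED_JDBC_DRIVERS = {"postgresql", "mysql"}

# Constructed sample log in a common-log-style layout (not H2O-3's real log format).
SAMPLE_LOG = """\
10.0.5.20 - - [12/Nov/2024:10:01:02 +0000] "POST /99/ImportSQLTable HTTP/1.1" 200 512 "-" "h2o-py/3.46.0.4"
203.0.113.45 - - [12/Nov/2024:10:02:17 +0000] "POST /99/ImportSQLTable HTTP/1.1" 200 330 "-" "python-requests/2.31"
10.0.5.20 - - [12/Nov/2024:10:03:00 +0000] "GET /3/About HTTP/1.1" 200 128 "-" "curl/8.4.0"
198.51.100.7 - - [12/Nov/2024:10:04:41 +0000] "POST /3/SaveToHiveTable HTTP/1.1" 500 87 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
JDBC_RE = re.compile(r"^jdbc:(?P<driver>[a-z0-9]+):", re.IGNORECASE)


def parse_line(line):
    """Parse one access-log line into a dict, or return None for unparseable lines."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string before matching
    return rec


def find_suspicious_posts(log_text, trusted=TRUSTED_CLIENTS):
    """Alert on POSTs to the vulnerable endpoints from sources outside the allow-list."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec and rec["method"] == "POST"
                and rec["path"] in VULNERABLE_ENDPOINTS and rec["src"] not in trusted):
            alerts.append(rec)
    return alerts


def is_unexpected_jdbc_url(url, allowed=ALLOWED_JDBC_DRIVERS):
    """True when a value is not a JDBC URL or names a driver this deployment does not use."""
    m = JDBC_RE.match(url.strip())
    return m is None or m.group("driver").lower() not in allowed
```

Running find_suspicious_posts over the sample yields two alerts (the 203.0.113.45 and 198.51.100.7 requests); the trusted client's import and the GET /3/About version check are not flagged.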