CVE-2024-20917

7.5 HIGH

📋 TL;DR

This vulnerability in the Log Management component of Oracle Enterprise Manager Base Platform allows an unauthenticated attacker with network access via HTTP to compromise the EM Base Platform. Oracle rates it difficult to exploit, and a successful attack requires interaction from a person other than the attacker (for example, an EM user acting on attacker-supplied content). The outcome can be unauthorized access to all EM Base Platform accessible data, unauthorized update, insert or delete of some of that data, and a partial denial of service. The only supported version Oracle lists as affected is 13.5.0.0; older, unsupported EM releases were not assessed and should not be assumed safe.

💻 Affected Systems

Products:
  • Oracle Enterprise Manager Base Platform
Versions: 13.5.0.0 (the only supported version Oracle assessed; unsupported earlier releases are not covered by the advisory)
Operating Systems: All platforms running Oracle Enterprise Manager
Default Config Vulnerable: ⚠️ Yes
Notes: Only the Log Management component is affected. The attack is unauthenticated (no EM account needed) but requires a user other than the attacker to take some action, so the realistic target is a legitimate EM console user, not the OMS in isolation.

📦 What is this software?

Oracle Enterprise Manager Cloud Control is Oracle's central management console for Oracle databases, middleware, hosts and engineered systems. The Base Platform is its core: the Oracle Management Service (OMS, a WebLogic-hosted web application), the management repository database, and the management agents deployed on monitored hosts. Log Management is one of the console features served by the OMS.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Unauthorized access to all data reachable through the Oracle Enterprise Manager Base Platform (which, given EM's role, includes credentials and configuration for the targets it manages), unauthorized update, insert or delete of some EM data, and a partial denial of service of the EM Base Platform itself.

🟠

Likely Case

Unauthorized access to sensitive log data and limited ability to modify or delete some log management data.

🟢

If Mitigated

Limited impact when the EM console is reachable only from administrative networks and EM users are trained not to act on unsolicited links or content. Note that stronger authentication on EM does not mitigate this issue by itself: the attacker needs no EM credentials, so the controls that matter are network reachability and the human interaction the attack depends on.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No (none known at the time of writing)
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploitation requires interaction from a person other than the attacker, which rules out fully automated, unattended attacks. In CVSS terms the human-interaction requirement (UI:R) and attack complexity (AC:H) are scored separately, so Oracle's 'difficult to exploit' rating indicates preconditions beyond just luring a user; the advisory does not say what those are.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patch from Oracle Critical Patch Update Advisory - January 2024

Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2024.html

Restart Required: Yes

Instructions:

1. Identify the patch for Enterprise Manager Base Platform 13.5.0.0 in the January 2024 Critical Patch Update documentation and download it from My Oracle Support.
2. Apply it to the OMS home following Oracle's Enterprise Manager patching procedures (OMS patches are applied with OMSPatcher from the OMS Oracle home; agent patches, where included, are applied to the agent home with OPatch).
3. Restart the OMS and any other services the patch README requires.
4. Verify the patch appears in the OMS home inventory before considering the system fixed.

🔧 Temporary Workarounds

Network Segmentation

Platform: all

Restrict network access to the Oracle Enterprise Manager console to trusted administrative networks only.

Configure firewall rules so that HTTP/HTTPS access to the OMS console port is permitted only from authorized IP ranges; management agents still need to reach the OMS upload port, so restrict that separately rather than blocking it.

Authentication Enforcement

Platform: all

Place the EM console behind an authenticating reverse proxy or VPN so that unauthenticated HTTP from untrusted networks cannot reach the Log Management pages at all.

This is defense in depth only: the vulnerability itself needs no EM credentials, and EM's own authentication settings do not change that.

🧯 If You Can't Patch

  • Implement strict network segmentation so that only administrative networks can reach the OMS console
  • Warn EM users that unsolicited links or content pointing at the EM console should not be followed, since the attack depends on their interaction
  • Enhance monitoring and alerting for access to Log Management pages from unexpected sources or in unusual volumes

🔍 How to Verify

Check if Vulnerable:

Any OMS running Enterprise Manager Base Platform 13.5.0.0 without the January 2024 Critical Patch Update applied is vulnerable. Check the OMS, not only the agents: the affected component (Log Management) is served by the OMS. From the OMS Oracle home, `emctl status oms -details` prints the Enterprise Manager release in its banner (note that emctl is the control utility; EM CLI is the separate emcli tool and is not needed here).

Check Version:

$ORACLE_HOME/bin/emctl status oms -details | grep 'Enterprise Manager'

Verify Fix Applied:

List the patches installed in the OMS home with OMSPatcher and confirm the patch ID from the January 2024 CPU documentation is present:

$ORACLE_HOME/OMSPatcher/omspatcher lsinventory

For agent homes, use OPatch: $AGENT_HOME/OPatch/opatch lsinventory
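The following is an added example (not Oracle's tooling and not from the original page) that turns the inventory check above into something repeatable: it parses `omspatcher lsinventory` / `opatch lsinventory` output for applied interim patch IDs and compares them against the set the operator supplies. The sample output and all patch numbers in it are constructed placeholders; substitute the real patch ID from the January 2024 CPU patch availability document.

```python
"""Check an Oracle Enterprise Manager OMS home for required patches.

Added example; not Oracle code. Assumptions:
  * the text passed in is the stdout of `omspatcher lsinventory` (OMS home)
    or `opatch lsinventory` (agent home), which list each installed interim
    patch as  "Patch  <id>     : applied on <date>";
  * the caller supplies the patch IDs that fix CVE-2024-20917, taken from
    the January 2024 CPU documentation. IDs used below are placeholders.
"""
import re
import subprocess
from dataclasses import dataclass
from typing import Optional, Set

# One line per installed interim patch in lsinventory output.
PATCH_LINE = re.compile(r"^\s*Patch\s+(\d+)\s*:\s*applied on\s+(.+?)\s*$")
# Product banner naming the EM release (constructed shape, adjust if yours differs).
RELEASE_LINE = re.compile(r"Cloud Control\s+(\d+c Release \d+)")


@dataclass
class InventoryCheck:
    release: Optional[str]
    applied: Set[str]
    missing: Set[str]

    @property
    def ok(self) -> bool:
        """True only when every required patch ID is present."""
        return not self.missing


def parse_applied_patches(text: str) -> Set[str]:
    """Return the set of interim patch IDs marked 'applied'."""
    found = set()
    for line in text.splitlines():
        m = PATCH_LINE.match(line)
        if m:
            found.add(m.group(1))
    return found


def check_inventory(text: str, required: Set[str]) -> InventoryCheck:
    """Compare lsinventory output against the required patch IDs."""
    applied = parse_applied_patches(text)
    m = RELEASE_LINE.search(text)
    return InventoryCheck(
        release=m.group(1) if m else None,
        applied=applied,
        missing=set(required) - applied,
    )


def run_omspatcher(oracle_home: str) -> str:
    """Live check: run OMSPatcher lsinventory in the OMS home and return stdout."""
    proc = subprocess.run(
        [f"{oracle_home}/OMSPatcher/omspatcher", "lsinventory"],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout


# Constructed sample output: shape only, patch numbers are fictitious.
SAMPLE_LSINVENTORY = """\
Oracle Home       : /u01/app/oracle/middleware
Central Inventory : /u01/app/oraInventory

Installed Top-level Products (1):

Oracle Enterprise Manager Cloud Control 13c Release 5

Interim patches (2) :

Patch  11111111     : applied on Mon Oct 16 09:00:00 UTC 2023
Unique Patch ID:  25000001
Patch description:  "Placeholder older patch"

Patch  22222222     : applied on Tue Jan 23 10:11:12 UTC 2024
Unique Patch ID:  25000002
Patch description:  "Placeholder patch"
"""

if __name__ == "__main__":
    # Placeholder IDs: replace with the IDs from the Jan 2024 CPU documentation.
    required = {"22222222", "33333333"}
    result = check_inventory(SAMPLE_LSINVENTORY, required)
    state = "OK" if result.ok else "MISSING " + ", ".join(sorted(result.missing))
    print(f"release={result.release} applied={sorted(result.applied)} -> {state}")
```

Run it against a real home with `check_inventory(run_omspatcher("/u01/app/oracle/middleware"), {...})`; a non-empty `missing` set means the OMS is still exposed even if the release banner says 13.5.0.0.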

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to Log Management endpoints
  • Unauthorized access attempts to log files
  • Suspicious user interactions with log interfaces

Network Indicators:

  • HTTP traffic to Oracle Enterprise Manager Log Management endpoints from unexpected sources
  • Unusual patterns in log access requests

SIEM Query:

source="oracle_em" AND (uri_path CONTAINS "/log" OR uri_path CONTAINS "/management") AND (http_method="GET" OR http_method="POST") AND NOT src_ip IN trusted_admin_ranges

(Pseudo-query: the original version was missing parentheses, so the OR on http_method would have matched every POST regardless of source or path. Replace the path fragments with the actual Log Management URLs of your console and trusted_admin_ranges with your administrative networks.)
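As an added example (not from the original page and not Oracle's code), the detector below applies the indicators above to OMS front-end access logs offline: it parses combined-format lines, keeps GET/POST requests whose path matches the Log Management fragments used in the SIEM query, flags requests from sources outside the trusted ranges, and flags any single source that bursts past a request threshold. The log lines are constructed; the paths, trusted ranges and threshold are assumptions to adjust per site.

```python
"""Flag Oracle Enterprise Manager access-log entries matching the page's
indicators. Added example; not Oracle code.

Assumptions (adjust per site):
  * lines are in Apache/NCSA combined log format, which Oracle HTTP Server
    and WebLogic access logging can be configured to emit;
  * the Log Management URL fragments are the ones from the SIEM query above
    ("/log", "/management"); tighten them to your console's real paths;
  * TRUSTED holds the administrative networks; BURST_THRESHOLD is arbitrary.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)
SUSPECT_PATH = re.compile(r"/log|/management", re.IGNORECASE)
TRUSTED = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
BURST_THRESHOLD = 5  # requests to Log Management paths from one source

Alert = Tuple[str, str, str]  # (reason, source, detail)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line; None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_trusted(src: str) -> bool:
    """True when src is an IP inside one of the trusted networks."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage are never trusted
    return any(ip in net for net in TRUSTED)


def find_suspicious(lines: List[str]) -> Tuple[List[Alert], Counter]:
    """Return (alerts, per-source counts of Log Management requests)."""
    alerts: List[Alert] = []
    per_src: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] not in ("GET", "POST"):
            continue
        if not SUSPECT_PATH.search(rec["path"]):
            continue
        per_src[rec["src"]] += 1
        if not is_trusted(rec["src"]):
            alerts.append(("untrusted-source", rec["src"], rec["path"]))
    for src, n in per_src.items():
        if n >= BURST_THRESHOLD:
            alerts.append(("burst", src, f"{n} log-management requests"))
    return alerts, per_src


# Constructed sample log: one admin on a trusted net, one stray external
# client, and one external source hammering a Log Management path.
SAMPLE_LOG = [
    '10.1.2.3 - - [23/Jan/2024:10:11:12 +0000] "GET /em/faces/logmgmt/search HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.1.2.3 - - [23/Jan/2024:10:11:20 +0000] "POST /em/faces/logmgmt/search HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '10.1.2.3 - - [23/Jan/2024:10:12:01 +0000] "GET /em/faces/targets HTTP/1.1" 200 4400 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [23/Jan/2024:10:13:44 +0000] "GET /em/faces/logmgmt/search?q=x HTTP/1.1" 200 5120 "-" "curl/8.4.0"',
] + [
    f'198.51.100.9 - - [23/Jan/2024:10:14:{s:02d} +0000] "GET /em/management/log/{s} HTTP/1.1" 404 0 "-" "python-requests/2.31"'
    for s in range(5)
]

if __name__ == "__main__":
    found, counts = find_suspicious(SAMPLE_LOG)
    for reason, src, detail in found:
        print(f"{reason:17} {src:14} {detail}")
```

Feed it real lines with `find_suspicious(open(path).read().splitlines())`. The untrusted-source rule is the high-signal one for this CVE (the console should not be reachable from those addresses at all once the network workaround is in place); the burst rule mainly catches scanning and is noisier.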

🔗 References

  • Oracle Critical Patch Update Advisory - January 2024: https://www.oracle.com/security-alerts/cpujan2024.html
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-20917