CVE-2024-21191

7.6 HIGH

📋 TL;DR

This vulnerability in Oracle Enterprise Manager Fusion Middleware Control allows authenticated attackers with low privileges to gain unauthorized access to sensitive data or modify data through HTTP requests. It affects organizations running Oracle Fusion Middleware 12.2.1.4.0 with the FMW Control Plugin. Successful exploitation requires human interaction from someone other than the attacker.

💻 Affected Systems

Products:
  • Oracle Enterprise Manager Fusion Middleware Control
Versions: 12.2.1.4.0
Operating Systems: All supported platforms for Oracle Fusion Middleware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires FMW Control Plugin component. Human interaction from another user is needed for successful exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of Oracle Enterprise Manager Fusion Middleware Control data, unauthorized access to critical information across connected systems, and data manipulation affecting additional products due to scope change.

🟠 Likely Case

Unauthorized access to sensitive configuration data, credentials, or operational information within the Enterprise Manager environment, potentially leading to further lateral movement.

🟢 If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and monitoring that detects unusual access patterns from low-privileged accounts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Easily exploitable by low-privileged attackers with network access via HTTP, but requires human interaction from another person.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patch from Oracle Critical Patch Update October 2024

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2024.html

Restart Required: Yes

Instructions:

1. Download the appropriate patch from My Oracle Support.
2. Apply the patch following Oracle's patching procedures.
3. Restart affected services.
4. Verify the patch was applied successfully.

🔧 Temporary Workarounds

Network Access Restriction

Platform: all

Restrict network access to Oracle Enterprise Manager Fusion Middleware Control to trusted IP addresses only

# Use firewall rules to limit access
# Example: iptables -A INPUT -p tcp --dport <port> -s <trusted_ip> -j ACCEPT

Privilege Reduction

Platform: all

Review and minimize low-privileged user accounts with access to the affected component

# Review user permissions in Oracle EM
# Remove unnecessary low-privileged accounts

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the affected system from untrusted networks
  • Enhance monitoring and alerting for unusual access patterns from low-privileged accounts

🔍 How to Verify

Check if Vulnerable:

Check the Oracle Enterprise Manager version and confirm whether it is running 12.2.1.4.0 with the FMW Control Plugin installed.

Check Version:

emctl status oms -details | grep Version

Verify Fix Applied:

Confirm that the patch has been applied through the Oracle Enterprise Manager console, or re-check the reported version after patching.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests from low-privileged accounts
  • Failed authentication attempts followed by successful access
  • Access to sensitive data endpoints from unexpected sources

Network Indicators:

  • HTTP traffic to Oracle EM endpoints from unauthorized sources
  • Unusual data exfiltration patterns

SIEM Query:

source="oracle_em" AND (event_type="data_access" OR event_type="configuration_change") AND user_privilege="low" AND result="success"
