CVE-2024-26477
📋 TL;DR
CVE-2024-26477 is an information disclosure vulnerability in Statping-ng v0.91.0 that allows attackers to access sensitive information through crafted requests to specific API endpoints. This affects all users running the vulnerable version of Statping-ng, potentially exposing authentication tokens, configuration data, or other sensitive system information.
💻 Affected Systems
- Statping-ng
📦 What is this software?
Statping Ng by Statping Ng
⚠️ Risk & Real-World Impact
Worst Case
Attackers could obtain authentication tokens, API keys, or configuration secrets leading to complete system compromise, data exfiltration, or lateral movement within the network.
Likely Case
Attackers gain access to sensitive configuration information, potentially enabling further attacks or exposing system details that could be used in reconnaissance.
If Mitigated
With proper network segmentation and access controls, impact is limited to information disclosure without enabling further system compromise.
🎯 Exploit Status
Proof-of-concept code is publicly available on GitHub, making exploitation straightforward for attackers with network access to vulnerable endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.92.0 or later
Vendor Advisory: https://github.com/statping-ng/statping-ng
Restart Required: Yes
Instructions:
1. Backup current configuration and data.
2. Download the latest version from GitHub releases.
3. Stop the Statping-ng service.
4. Replace the binary with the patched version.
5. Restart the Statping-ng service.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to Statping-ng API endpoints using firewall rules or network segmentation.
Reverse Proxy Configuration
Configure the reverse proxy to block or sanitize requests to the vulnerable /oauth, /amazon_sns, and /export endpoints.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach Statping-ng endpoints
- Monitor logs for unusual requests to /oauth, /amazon_sns, and /export API endpoints
🔍 How to Verify
Check if Vulnerable:
Check the Statping-ng version; if it is running v0.91.0, the system is vulnerable. Test with curl: curl -X GET 'http://<statping-host>/api/oauth?crafted=payload'
Check Version:
./statping version or check web interface dashboard
Verify Fix Applied:
Verify that the version is v0.92.0 or later. Re-test the same endpoints; they should return proper error responses instead of sensitive data.
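The version checks above compare a reported version against the patched release. The following is an added example, not code from the advisory or from the Statping-ng project: it takes the version string an operator reads from `./statping version` or the dashboard (the output format of that command is not documented here, so the string is passed in by hand) and compares numeric components rather than text, so that a version such as 0.9.0 is not mistaken for something newer than 0.91.0. Pre-release suffixes are ignored, which is an assumption of this example.

```python
"""Added example (not from the advisory or the Statping-ng project): classify
a reported Statping-ng version string against the fix release for CVE-2024-26477."""
import re

FIXED_VERSION = (0, 92, 0)      # advisory: patched in v0.92.0 or later
AFFECTED_VERSION = (0, 91, 0)   # advisory: v0.91.0 is the affected release

# Optional leading 'v', three numeric components, optional -prerelease/+build tail.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Return (major, minor, patch) for strings such as 'v0.91.0' or
    '0.92.0-rc1'; return None when the string is not a semantic version.
    Pre-release and build tags are dropped (assumption of this example)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def assessment(text):
    """Classify a reported version string.

    'fixed'     -> version is v0.92.0 or later (the advisory's patch version)
    'unpatched' -> version is below the patch release; the advisory names
                   v0.91.0 explicitly, and anything older also lacks the fix
    'unknown'   -> string could not be parsed (e.g. a dev build label)
    """
    version = parse_version(text)
    if version is None:
        return "unknown"
    if version >= FIXED_VERSION:
        return "fixed"
    return "unpatched"


def is_named_affected_release(text):
    """True only for the release the advisory explicitly lists as affected."""
    return parse_version(text) == AFFECTED_VERSION


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from a real instance.
    for reported in ("v0.91.0", "0.92.0", "v0.92.1-rc1", "v0.9.0", "dev"):
        print(f"{reported:12s} -> {assessment(reported)}")
```

Run it against the string your instance reports; "fixed" means the version is at or past the patch release named in the advisory, while "unknown" means the string needs manual review rather than being treated as safe.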
📡 Detection & Monitoring
Log Indicators:
- Unusual requests to /api/oauth, /api/amazon_sns, /api/export endpoints
- Requests with crafted parameters to these endpoints
- Increased error rates from API endpoints
Network Indicators:
- HTTP requests with unusual parameter patterns to vulnerable endpoints
- Traffic from unexpected sources to Statping-ng API
SIEM Query:
source="statping-ng" AND (uri_path="/api/oauth" OR uri_path="/api/amazon_sns" OR uri_path="/api/export") AND http_method="GET"
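The monitoring advice under "If You Can't Patch" and the log, network and SIEM indicators above all reduce to the same check: flag requests to /api/oauth, /api/amazon_sns and /api/export, note whether they carry query parameters, watch the API error rate, and flag API traffic from sources outside the expected ranges. The following is an added example, not code from the advisory or from the Statping-ng project, that runs that logic over a handful of constructed access-log lines in the common log format a reverse proxy in front of Statping-ng would typically write; the trusted network ranges and the log lines are assumptions of the example.

```python
"""Added example (not from the advisory or the Statping-ng project): scan
access-log lines for the CVE-2024-26477 indicators listed in the advisory."""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Endpoints named in the advisory. Matched as exact path or path prefix
# followed by '/', so /api/oauth/callback matches but /api/exporter does not.
SENSITIVE_PREFIXES = ("/api/oauth", "/api/amazon_sns", "/api/export")

# Assumed trusted source ranges (constructed; adjust to the real environment).
TRUSTED_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.1.0/24")]

# Common log format: ip ident user [timestamp] "METHOD target HTTP/x.y" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return a dict with ip, ts, method, target, path, query, status, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"], _, rec["query"] = rec["target"].partition("?")
    return rec


def is_sensitive(path):
    return any(path == p or path.startswith(p + "/") for p in SENSITIVE_PREFIXES)


def is_trusted(ip):
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def scan(lines):
    """Return (alerts, stats).

    alerts: list of (reason, ip, method, target) tuples
    stats:  Counter with api_total, api_errors, sensitive, untrusted
    """
    alerts, stats = [], Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # unparseable line: skip, never crash
        on_api = rec["path"].startswith("/api/")
        if on_api:
            stats["api_total"] += 1
            if rec["status"] >= 400:
                stats["api_errors"] += 1  # feeds the "increased error rate" indicator
        if is_sensitive(rec["path"]):
            stats["sensitive"] += 1
            reason = "sensitive-endpoint" + ("+query" if rec["query"] else "")
            alerts.append((reason, rec["ip"], rec["method"], rec["target"]))
        if on_api and not is_trusted(rec["ip"]):
            stats["untrusted"] += 1
            alerts.append(("untrusted-source", rec["ip"], rec["method"], rec["target"]))
    return alerts, stats


def error_rate(stats):
    return stats["api_errors"] / stats["api_total"] if stats["api_total"] else 0.0


# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2024:10:00:01 +0000] "GET /api/services HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Mar/2024:10:00:02 +0000] "GET /api/oauth?crafted=payload HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Mar/2024:10:00:03 +0000] "GET /api/export HTTP/1.1" 200 8192',
    '203.0.113.7 - - [01/Mar/2024:10:00:04 +0000] "GET /api/amazon_sns/abc HTTP/1.1" 500 31',
    '192.168.1.20 - - [01/Mar/2024:10:00:05 +0000] "GET /dashboard HTTP/1.1" 200 1024',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    found, counts = scan(SAMPLE_LOG)
    for alert in found:
        print(*alert)
    print(f"api error rate: {error_rate(counts):.2f}")
```

On the sample input this raises five alerts: the query-carrying request to /api/oauth from a trusted host, and the two /api/export and /api/amazon_sns requests from 203.0.113.7, each flagged both as a sensitive-endpoint hit and as API traffic from an untrusted source. Once the patch is applied, requests to these paths are still worth keeping in the query, since they tell you who was probing the endpoints before the upgrade.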