CVE-2024-27348

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on Apache HugeGraph-Server instances. It affects all Apache HugeGraph-Server versions from 1.0.0 to before 1.3.0 running on Java 8 or Java 11. Attackers can gain complete control over affected systems.

💻 Affected Systems

Products:
  • Apache HugeGraph-Server
Versions: 1.0.0 to versions before 1.3.0
Operating Systems: Any OS running Java 8 or Java 11
Default Config Vulnerable: ⚠️ Yes
Notes: Default installations without authentication enabled are vulnerable. Java 8 and Java 11 versions are both affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal data, deploy ransomware, pivot to other systems, and establish persistent backdoors.

🟠

Likely Case

Remote code execution leading to data theft, cryptocurrency mining, or system takeover for botnet participation.

🟢

If Mitigated

No impact if authentication is properly configured and enabled, as the vulnerability requires unauthenticated access.

🌐 Internet-Facing: HIGH - Internet-facing instances are directly exploitable without authentication, making them prime targets for automated attacks.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable but require network access; risk increases if internal network segmentation is weak.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows unauthenticated remote command execution, making exploitation straightforward for attackers who discover the exploit method.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.0 with Java 11

Vendor Advisory: https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9

Restart Required: Yes

Instructions:

1. Backup all data and configurations.
2. Download Apache HugeGraph-Server version 1.3.0.
3. Stop the HugeGraph-Server service.
4. Replace the existing installation with version 1.3.0.
5. Enable the authentication system as per Apache documentation.
6. Restart the service.

🔧 Temporary Workarounds

Enable Authentication System

Platform: all

Configure and enable the authentication system to prevent unauthenticated access, which mitigates the vulnerability.

Follow configuration steps at: https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication

Network Access Control

Platform: linux

Restrict network access to HugeGraph-Server instances using firewalls or network security groups.

iptables -A INPUT -p tcp --dport 8080 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP

🧯 If You Can't Patch

  • Enable authentication system immediately following Apache's documentation
  • Isolate affected systems from internet and restrict internal network access using firewalls

🔍 How to Verify

Check if Vulnerable:

Check HugeGraph-Server version and authentication status. If version is between 1.0.0 and 1.2.x and authentication is disabled, the system is vulnerable.

Check Version:

Check the HugeGraph-Server startup logs or configuration files for version information, or use: curl -X GET http://localhost:8080/graphs/hugegraph/versions

Verify Fix Applied:

Verify version is 1.3.0 or higher and authentication system is properly configured and enabled.
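The verification steps above (read the server version, confirm the authentication system is on, compare against the affected range) can be scripted so they give the same answer on every host. The following is an added example, not code from the advisory or from the HugeGraph project. It assumes the /versions response is JSON of the shape {"versions": {"core": "<version>", ...}} and that authentication is enabled when rest-server.properties sets a non-empty auth.authenticator (both taken as assumptions here; check them against your installation and the authentication docs linked above). The sample response body and property files are constructed.

```python
"""Classify an Apache HugeGraph-Server instance against CVE-2024-27348 using the
advisory's own rule: versions from 1.0.0 up to (not including) 1.3.0 with the
authentication system disabled are vulnerable; 1.3.0 or later is fixed.

Added example, not part of the advisory or the HugeGraph project. The JSON key
path versions.core and the property key auth.authenticator are ASSUMPTIONS.
"""
import json
import re
from typing import Tuple

FIRST_AFFECTED = (1, 0, 0)   # first affected version named by the advisory
FIXED_VERSION = (1, 3, 0)    # patch version named by the advisory


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '1.2.0', 'v1.3' or '1.3.0-SNAPSHOT' into a comparable tuple.
    Missing components default to 0; any pre-release suffix is ignored."""
    m = re.match(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch)


def extract_core_version(body: str) -> str:
    """Pull the server version out of a /versions JSON body.
    ASSUMED shape: {"versions": {"core": "<version>", ...}}."""
    doc = json.loads(body)
    return doc["versions"]["core"]


def auth_enabled_from_properties(properties_text: str) -> bool:
    """Heuristic: authentication counts as enabled when rest-server.properties
    sets auth.authenticator to a non-empty value (ASSUMED key name). Commented
    lines are ignored, so a commented-out authenticator does not count."""
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "auth.authenticator":
            return bool(value.strip())
    return False


def assess(version: str, auth_enabled: bool) -> str:
    """Return 'fixed', 'mitigated', 'vulnerable' or 'outside-advisory-range'."""
    v = parse_version(version)
    if v >= FIXED_VERSION:
        return "fixed"
    if v < FIRST_AFFECTED:
        # Releases older than 1.0.0 are not covered by the advisory's range.
        return "outside-advisory-range"
    return "mitigated" if auth_enabled else "vulnerable"


def check_instance(versions_body: str, properties_text: str) -> str:
    """Combine the version endpoint body and the properties file into a verdict."""
    return assess(extract_core_version(versions_body),
                  auth_enabled_from_properties(properties_text))


# Constructed sample inputs (not captured from a real server).
SAMPLE_VERSIONS_BODY = '{"versions": {"version": "v1", "core": "1.2.0", "api": "0.69.0.0"}}'
SAMPLE_PROPERTIES_NO_AUTH = (
    "restserver.url=http://127.0.0.1:8080\n"
    "#auth.authenticator=\n"
)
SAMPLE_PROPERTIES_AUTH = (
    "restserver.url=http://127.0.0.1:8080\n"
    "auth.authenticator=org.apache.hugegraph.auth.StandardAuthenticator\n"
)

if __name__ == "__main__":
    print("no auth:", check_instance(SAMPLE_VERSIONS_BODY, SAMPLE_PROPERTIES_NO_AUTH))
    print("auth on:", check_instance(SAMPLE_VERSIONS_BODY, SAMPLE_PROPERTIES_AUTH))
```

In practice feed check_instance the body returned by the curl command above and the contents of the server's rest-server.properties; a "mitigated" verdict still means the instance should be upgraded to 1.3.0, since the workaround only removes the unauthenticated path.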

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts
  • Unexpected command execution patterns
  • Abnormal process creation from HugeGraph-Server

Network Indicators:

  • Unusual outbound connections from HugeGraph-Server
  • Traffic to suspicious IP addresses or domains

SIEM Query:

source="hugegraph-server" AND (event_type="authentication_failure" OR process_execution="*cmd*" OR network_connection="suspicious_ip")
