CVE-2024-28114

8.1 HIGH

📋 TL;DR

CVE-2024-28114 is a Server-Side Template Injection vulnerability in Peering Manager that allows remote code execution. Attackers can execute arbitrary commands on the underlying operating system running Peering Manager. All users running Peering Manager versions 1.8.2 and earlier are affected.

💻 Affected Systems

Products:
  • Peering Manager
Versions: <= 1.8.2
Operating Systems: Any OS running Peering Manager (typically Linux)
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the server with full administrative access, data exfiltration, lateral movement to other systems, and persistent backdoor installation.

🟠 Likely Case

Unauthorized command execution leading to service disruption, configuration modification, credential theft, and potential deployment of ransomware or cryptominers.

🟢 If Mitigated

Limited impact due to network segmentation, minimal privileges, and monitoring that detects unusual process execution.

🌐 Internet-Facing: HIGH - Peering Manager is typically exposed to external networks for BGP management, making it directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but external exposure increases risk significantly.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Template injection vulnerabilities typically have low exploitation complexity once the injection point is identified. The advisory suggests unauthenticated exploitation is possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.3

Vendor Advisory: https://github.com/peering-manager/peering-manager/security/advisories/GHSA-q37x-qfrx-jcv6

Restart Required: Yes

Instructions:

1. Backup your Peering Manager database and configuration.
2. Stop the Peering Manager service.
3. Update to version 1.8.3 using your deployment method (pip, Docker, etc.).
4. Run database migrations if required.
5. Restart the Peering Manager service.
6. Verify functionality.

🔧 Temporary Workarounds

No workarounds available

The vendor advisory states there are no known workarounds for this vulnerability.

🧯 If You Can't Patch

  • Immediately isolate the Peering Manager instance from the internet and restrict network access to only necessary BGP peers.
  • Implement strict network monitoring and alerting for unusual process execution or outbound connections from the Peering Manager host.

🔍 How to Verify

Check if Vulnerable:

Check the Peering Manager version in the web interface or by examining the installation. If the version is 1.8.2 or earlier, the system is vulnerable.

Check Version:

For Docker: docker exec peering-manager python -c "import peering_manager; print(peering_manager.__version__)"

For pip: pip show peering-manager | grep Version

Verify Fix Applied:

After upgrading, verify the version shows 1.8.3 or later in the web interface or via the installation check.

📡 Detection & Monitoring

Log Indicators:

  • Unusual template rendering errors in application logs
  • Suspicious process execution in system logs (especially Python subprocess calls)
  • Unexpected outbound network connections from Peering Manager host

Network Indicators:

  • Unusual HTTP requests containing template syntax ({{, }}, {% %})
  • Outbound connections to suspicious IPs from Peering Manager host

SIEM Query:

source="peering-manager.log" AND ("template" OR "render" OR "exec" OR "subprocess")

source="system.log" AND process="python" AND parent_process="peering-manager"
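One way to act on the network indicator above (requests carrying {{, }} or {% %}), as an added example that is not from this page or the Peering Manager project: a small Python scanner that percent-decodes the request line of access-log entries, so double-encoded delimiters are still caught, and flags any line whose decoded request contains template delimiters. The log lines, client addresses and URL paths are constructed for the example and are not real Peering Manager traffic.

```python
import re
from urllib.parse import unquote

# Jinja-style delimiters named in the network indicators above.
TEMPLATE_SYNTAX = re.compile(r"\{\{|\}\}|\{%|%\}")

# Constructed sample access-log lines (combined log format); the paths
# and addresses are illustrative, not captured traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /peering/autonomous-systems/ HTTP/1.1" 200 5120
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "POST /peering/autonomous-systems/add/ HTTP/1.1" 302 0
198.51.100.7 - - [10/Mar/2024:12:01:15 +0000] "GET /peering/email/?q=%7B%7Bprobe%7D%7D HTTP/1.1" 200 910
198.51.100.7 - - [10/Mar/2024:12:01:16 +0000] "GET /search/?q=%257B%257B1%257D%257D HTTP/1.1" 200 911
"""

# Matches the client address and the quoted request line of a combined-format entry.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)"')


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded delimiters are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_template_syntax(log_text):
    """Return (client_ip, decoded_request) for every line whose decoded
    request line contains template delimiters."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_LINE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        client_ip, request = match.group(1), fully_decode(match.group(2))
        if TEMPLATE_SYNTAX.search(request):
            hits.append((client_ip, request))
    return hits


if __name__ == "__main__":
    for client_ip, request in find_template_syntax(SAMPLE_LOG):
        print(f"template syntax from {client_ip}: {request}")
```

Feed it the web server or reverse proxy access log in front of Peering Manager; a hit is a reason to inspect the request and the host's process activity, not proof of exploitation on its own.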
