CVE-2024-3019

8.8 HIGH

📋 TL;DR

A vulnerability in PCP's default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with Redis user privileges. This affects PCP versions 4.3.4 and newer when pmproxy is running. By default, pmproxy is not running and must be manually started, typically via the Cockpit web interface.

💻 Affected Systems

Products:
  • PCP (Performance Co-Pilot)
Versions: 4.3.4 and newer
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when pmproxy service is running; by default it is not started automatically.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via remote code execution with Redis user privileges, potentially leading to privilege escalation, data theft, or lateral movement.

🟠 Likely Case

Local network attackers gain Redis user access, enabling data manipulation, service disruption, or further exploitation.

🟢 If Mitigated

Limited impact if pmproxy is not running or network access is restricted, with no remote exploitation possible.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the Redis backend exposed by pmproxy's default configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Red Hat advisories for specific patched versions

Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:2566

Restart Required: Yes

Instructions:

1. Update the PCP package via yum/dnf:
   sudo yum update pcp
2. Restart the pmproxy service if it is running:
   sudo systemctl restart pmproxy

🔧 Temporary Workarounds

Disable pmproxy service

Stop and disable the pmproxy service if it is not required:

sudo systemctl stop pmproxy
sudo systemctl disable pmproxy

Restrict Redis network access

Configure Redis to bind only to localhost, or block TCP port 6379 from non-local sources with the firewall. The rich rules below reject the port in the default firewalld zone; loopback traffic is not filtered by firewalld, so a pmproxy on the same host keeps its Redis access:

# Reject TCP 6379 from the network (IPv4 and IPv6); loopback is unaffected
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="6379" protocol="tcp" reject'
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv6" port port="6379" protocol="tcp" reject'
sudo firewall-cmd --reload

🧯 If You Can't Patch

  • Ensure pmproxy service is not running unless absolutely necessary
  • Implement strict network segmentation and firewall rules to isolate Redis backend from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check whether pmproxy is running and the PCP version is 4.3.4 or newer:

systemctl status pmproxy && pcp --version

Check Version:

pcp --version

Verify Fix Applied:

Confirm that the installed PCP version is the patched one named in the vendor advisory, and that the pmproxy configuration no longer exposes Redis to the network (no listener on TCP 6379 bound to a non-loopback address).
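The checks above as one POSIX shell script, added here as an example that is not part of this page or of PCP's own tooling: it tests whether pmproxy is active, whether the PCP version falls in the affected range (4.3.4 and newer), and whether a Redis listener on TCP 6379 is bound beyond loopback. The `pcp --version` and `ss -ltn` output formats it parses are assumptions.

```shell
# Added example, not PCP's own tooling: the three checks this page describes.
# The `pcp --version` and `ss -ltn` output formats parsed below are assumptions.

# pcp_version_in_range VERSION  ->  exit 0 when VERSION >= 4.3.4 (first affected release)
pcp_version_in_range() {
    v=$1
    case $v in *.*) ;; *) v=$v.0 ;; esac
    major=${v%%.*}; rest=${v#*.}
    case $rest in *.*) minor=${rest%%.*}; patch=${rest#*.} ;; *) minor=$rest; patch=0 ;; esac
    patch=${patch%%[!0-9]*}           # drop a package suffix such as "-3.el9"
    [ "$major" -gt 4 ] && return 0
    [ "$major" -eq 4 ] && [ "$minor" -gt 3 ] && return 0
    [ "$major" -eq 4 ] && [ "$minor" -eq 3 ] && [ "${patch:-0}" -ge 4 ] && return 0
    return 1
}

# pcp_version_string TEXT  ->  first dotted version number found in TEXT
pcp_version_string() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# redis_listener_exposed SS_OUTPUT  ->  exit 0 when an `ss -ltn` line shows a
# TCP listener on 6379 whose local address is not 127.0.0.1 or [::1]
redis_listener_exposed() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" && match($4, /:[0-9]+$/) {
            addr = substr($4, 1, RSTART - 1); port = substr($4, RSTART + 1)
            if (port == "6379" && addr != "127.0.0.1" && addr != "[::1]") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# check_host  ->  run the checks against this machine (needs systemctl, pcp, ss)
check_host() {
    if ! systemctl is-active --quiet pmproxy 2>/dev/null; then
        echo "pmproxy: not running, so the Redis backend is not exposed by this issue"; return 0
    fi
    ver=$(pcp_version_string "$(pcp --version 2>&1)")
    if [ -n "$ver" ] && pcp_version_in_range "$ver"; then
        echo "PCP $ver: in the affected range (4.3.4+); confirm the patched package is installed"
    else
        echo "PCP ${ver:-unknown}: below the affected range, or version not detected"
    fi
    redis_listener_exposed "$(ss -ltn 2>/dev/null)" \
        && echo "Redis: TCP 6379 is bound to a non-loopback address" \
        || echo "Redis: no non-loopback listener on TCP 6379"
}

case ${1-} in --host) check_host ;; esac
```

Run it as `sh check_pmproxy.sh --host` on the machine being verified; without the flag the functions are only defined, so the file can be sourced and the parsers used on saved command output.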

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to Redis port 6379 in pmproxy logs
  • Unusual Redis commands or connections from non-local addresses

Network Indicators:

  • Unexpected network traffic to Redis port 6379 from local network
  • Connection attempts to pmproxy Redis backend

SIEM Query:

source="pmproxy.log" AND ("redis" OR "6379") AND NOT src_ip="127.0.0.1"
