CVE-2024-36068
📋 TL;DR
An incorrect access control vulnerability in Rubrik Cloud Data Management (CDM) allows attackers with network access to bypass authentication and execute arbitrary code. This affects Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6, and 8.1.3-p12. Organizations using vulnerable versions are at risk of complete system compromise.
💻 Affected Systems
- Rubrik Cloud Data Management (CDM)
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise leading to data exfiltration, ransomware deployment, or complete infrastructure takeover.
Likely Case
Unauthorized access to backup data, credential theft, and lateral movement within the network.
If Mitigated
Limited impact if network segmentation and strict access controls prevent attacker access to vulnerable systems.
🎯 Exploit Status
The vulnerability requires network access but no authentication, making exploitation straightforward for attackers who can reach the system.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.1.2-p1, 9.0.3-p6, or 8.1.3-p12, depending on which release branch you run
Vendor Advisory: https://www.rubrik.com/advisories/rbk-20240619-v0044
Restart Required: Yes
Instructions:
1. Identify the current Rubrik CDM version.
2. Download the appropriate patch from the Rubrik support portal.
3. Apply the patch following Rubrik upgrade procedures.
4. Restart services as required.
5. Verify the update succeeded.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to Rubrik CDM systems to trusted management networks only
Access Control Lists
Implement strict firewall rules that limit the source IP addresses allowed to connect to Rubrik CDM
🧯 If You Can't Patch
- Isolate vulnerable systems from internet and untrusted networks
- Implement strict network monitoring and anomaly detection for Rubrik CDM traffic
🔍 How to Verify
Check if Vulnerable:
Check the Rubrik CDM version in the Rubrik web interface or CLI. If the version is below the fixed release for its branch (9.1.2-p1, 9.0.3-p6, or 8.1.3-p12), the system is vulnerable.
Check Version:
Run rubrik version in the Rubrik CLI, or check the Rubrik web interface under System > About
Verify Fix Applied:
Confirm that the version shown after patching is 9.1.2-p1, 9.0.3-p6, or 8.1.3-p12, or a later release.
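Because the fix ships separately on three release branches, a plain "is my version lower than 9.1.2-p1" check gives the wrong answer for 9.0.x and 8.1.x installs. The following is an added example, not Rubrik's own tooling or code from the advisory: it parses "major.minor.patch-pN" strings and compares each version against the fixed release of its own branch. The branch mapping (8.1.x -> 8.1.3-p12, 9.0.x -> 9.0.3-p6, 9.1.x -> 9.1.2-p1) is inferred from the listed versions, and branches the advisory does not list are treated as vulnerable when older than 8.1.3-p12, fixed when newer than 9.1.2-p1, and unknown otherwise; all of that is an assumption to confirm with the vendor.

```python
import re
import sys
from typing import Tuple

# Fixed releases keyed by release branch (major, minor). Assumption: each fix
# applies to the branch that shares its major.minor, as the version numbers suggest.
FIXED_BY_BRANCH = {
    (8, 1): (8, 1, 3, 12),  # 8.1.3-p12
    (9, 0): (9, 0, 3, 6),   # 9.0.3-p6
    (9, 1): (9, 1, 2, 1),   # 9.1.2-p1
}

# "9.1.2-p1" or "9.1.2"; a missing -pN suffix is treated as p0.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor.patch[-pN]' into a tuple that compares correctly."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Rubrik CDM version string: {text!r}")
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch), int(p or 0))


def fmt(v: Tuple[int, int, int, int]) -> str:
    """Render a version tuple back into the advisory's notation."""
    base = f"{v[0]}.{v[1]}.{v[2]}"
    return f"{base}-p{v[3]}" if v[3] else base


def assess(text: str) -> Tuple[str, str]:
    """Return (status, reason); status is 'vulnerable', 'fixed' or 'unknown'."""
    v = parse_version(text)
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        fixed = FIXED_BY_BRANCH[branch]
        if v < fixed:
            return "vulnerable", f"{fmt(v)} is below {fmt(fixed)} on the {branch[0]}.{branch[1]} branch"
        return "fixed", f"{fmt(v)} is at or above {fmt(fixed)}"
    # Branch not named in the advisory: decide only at the extremes (assumption).
    oldest = min(FIXED_BY_BRANCH.values())
    newest = max(FIXED_BY_BRANCH.values())
    if v < oldest:
        return "vulnerable", f"{fmt(v)} predates the oldest fixed release {fmt(oldest)}"
    if v > newest:
        return "fixed", f"{fmt(v)} is newer than the newest fixed release {fmt(newest)}"
    return "unknown", f"branch {branch[0]}.{branch[1]} is not listed in the advisory; confirm with the vendor"


if __name__ == "__main__":
    # Usage: python check_cdm_version.py 9.0.3-p5   (paste the string shown under System > About)
    for arg in sys.argv[1:] or ["9.0.3-p5", "9.1.2-p1", "8.1.3-p9", "9.2.0"]:
        status, reason = assess(arg)
        print(f"{arg:12} {status:10} {reason}")
```

Run it against the exact string the web interface or CLI reports; a version with no -pN suffix sorts below every patched build of the same base, which is what makes 9.0.3 (no patch) correctly come out as vulnerable.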
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to Rubrik CDM
- Unusual authentication patterns
- Unexpected process execution on Rubrik systems
Network Indicators:
- Unusual outbound connections from Rubrik systems
- Traffic to Rubrik CDM from unexpected source IPs
- Anomalous API calls to Rubrik endpoints
SIEM Query:
source="rubrik" AND (event_type="authentication_failure" OR event_type="unauthorized_access")
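The SIEM query above is a starting point; an added example of the same detection logic applied to raw logs follows. It is not part of the advisory and assumes a JSON-lines event format with source, event_type, src_ip and user fields (the field names and the sample events are constructed for illustration; real Rubrik log layouts will differ). It implements the page's three checks together: the authentication-failure/unauthorized-access filter, connections from source IPs outside a trusted management network, and bursts of authentication failures from one address.

```python
import ipaddress
import json
from collections import Counter
from typing import Dict, Iterable, List

# Constructed placeholder for the trusted management network; replace with your own ranges.
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Event types the page's SIEM query keys on.
SUSPICIOUS_EVENTS = {"authentication_failure", "unauthorized_access"}
# Number of failures from one source IP that counts as a burst (assumed threshold).
FAILURE_BURST_THRESHOLD = 3

# Constructed sample events in the assumed JSON-lines layout.
SAMPLE_LOGS = """\
{"source": "rubrik", "ts": "2024-06-20T08:00:01Z", "event_type": "authentication_success", "src_ip": "10.20.0.15", "user": "admin"}
{"source": "rubrik", "ts": "2024-06-20T08:00:07Z", "event_type": "authentication_failure", "src_ip": "10.20.0.15", "user": "admin"}
{"source": "rubrik", "ts": "2024-06-20T08:01:00Z", "event_type": "api_call", "src_ip": "198.51.100.23", "user": ""}
{"source": "rubrik", "ts": "2024-06-20T08:01:02Z", "event_type": "authentication_failure", "src_ip": "198.51.100.23", "user": "admin"}
{"source": "rubrik", "ts": "2024-06-20T08:01:03Z", "event_type": "authentication_failure", "src_ip": "198.51.100.23", "user": "admin"}
{"source": "rubrik", "ts": "2024-06-20T08:01:04Z", "event_type": "authentication_failure", "src_ip": "198.51.100.23", "user": "admin"}
{"source": "rubrik", "ts": "2024-06-20T08:01:09Z", "event_type": "unauthorized_access", "src_ip": "198.51.100.23", "user": ""}
{"source": "firewall", "ts": "2024-06-20T08:01:10Z", "event_type": "authentication_failure", "src_ip": "203.0.113.9", "user": "ops"}
"""


def parse_events(lines: Iterable[str]) -> List[Dict]:
    """Parse JSON lines, skipping blank or malformed lines instead of aborting the sweep."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def matches_siem_query(event: Dict) -> bool:
    """Same predicate as: source="rubrik" AND (event_type="authentication_failure" OR event_type="unauthorized_access")."""
    return event.get("source") == "rubrik" and event.get("event_type") in SUSPICIOUS_EVENTS


def is_trusted_source(ip_text: str) -> bool:
    """True only for addresses inside a trusted management network; unparsable input is never trusted."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_MGMT_NETS)


def analyze(lines: Iterable[str]) -> Dict:
    """Run the three checks over Rubrik events and return the findings."""
    events = [e for e in parse_events(lines) if e.get("source") == "rubrik"]
    siem_matches = [e for e in events if matches_siem_query(e)]
    untrusted = Counter(e.get("src_ip", "?") for e in events if not is_trusted_source(e.get("src_ip", "")))
    failures = Counter(e.get("src_ip", "?") for e in events if e.get("event_type") == "authentication_failure")
    bursts = {ip: n for ip, n in failures.items() if n >= FAILURE_BURST_THRESHOLD}
    return {
        "siem_matches": siem_matches,
        "untrusted_sources": dict(untrusted),
        "auth_failure_bursts": bursts,
    }


if __name__ == "__main__":
    findings = analyze(SAMPLE_LOGS.splitlines())
    print(f"{len(findings['siem_matches'])} events match the SIEM query")
    for ip, n in findings["untrusted_sources"].items():
        print(f"{n} events from untrusted source {ip}")
    for ip, n in findings["auth_failure_bursts"].items():
        print(f"auth-failure burst: {n} failures from {ip}")
```

The single failure from 10.20.0.15 matches the query but is neither untrusted nor a burst, so in practice the untrusted-source and burst findings are the ones worth paging on; the plain query match is better used as a hunting filter than as an alert.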