CVE-2024-37348
📋 TL;DR
This is a stored cross-site scripting (XSS) vulnerability in Absolute Secure Access management UI that allows authenticated system administrators to inject malicious scripts. When exploited, it can interfere with other administrators' management sessions by executing arbitrary JavaScript in their browsers. Only systems running Absolute Secure Access versions before 13.06 with administrator accounts are affected.
💻 Affected Systems
- Absolute Secure Access
📦 What is this software?
Secure Access by Absolute
⚠️ Risk & Real-World Impact
Worst Case
A malicious administrator could inject persistent scripts that hijack other administrators' sessions, potentially leading to privilege escalation, configuration changes, or data manipulation across the management platform.
Likely Case
An administrator with malicious intent could disrupt other administrators' workflows by injecting annoying scripts or misleading content into the management interface, causing operational confusion.
If Mitigated
With proper access controls and administrator vetting, the impact is minimal since it requires authenticated administrator privileges to exploit.
🎯 Exploit Status
Exploitation requires authenticated administrator access. The vulnerability involves injecting scripts into management objects that persist and execute when other administrators view/edit those objects.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 13.06
Vendor Advisory: https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37348/
Restart Required: Yes
Instructions:
1. Download Absolute Secure Access version 13.06 from the Absolute support portal.
2. Back up the current configuration.
3. Apply the update following Absolute's upgrade documentation.
4. Restart the Secure Access service.
5. Verify that the update completed successfully.
🔧 Temporary Workarounds
Restrict Administrator Access
Limit the number of administrator accounts and implement strict access controls to reduce the attack surface.
Implement Content Security Policy
Add Content-Security-Policy headers to restrict script execution in the management UI.
🧯 If You Can't Patch
- Implement strict administrator account monitoring and review all administrator activities regularly.
- Segment management network access and ensure only trusted administrators can access the management UI.
🔍 How to Verify
Check if Vulnerable:
Check the Absolute Secure Access version in the management UI under System > About. If version is below 13.06, the system is vulnerable.
Check Version:
Check via management UI: System > About, or via CLI if available: 'absolute-secure-access --version'
Verify Fix Applied:
After updating, verify the version shows 13.06 or higher in the management UI. Test that administrator users cannot inject scripts into management objects.
📡 Detection & Monitoring
Log Indicators:
- Unusual administrator activity patterns
- Multiple failed login attempts on administrator accounts
- Unexpected configuration changes to management objects
Network Indicators:
- Unusual traffic patterns to management UI endpoints
- Suspicious script-like content in HTTP requests to management endpoints
SIEM Query:
source="absolute_secure_access" AND (event_type="admin_login" OR event_type="config_change") AND user="administrator" AND result="success" | stats count by user, src_ip
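The network indicator above ("script-like content" landing in management objects) can be turned into a log check. This is an added example, not part of the advisory or of Absolute's tooling: it assumes a hypothetical key=value audit-log format with `event_type`, `user`, `object`, `field` and `new_value` fields, scans configuration changes for HTML/script markers, and decodes HTML-entity and percent-encoded values first so that trivially obfuscated variants are not missed.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample audit-log lines (the key=value format is an assumption;
# the real Absolute Secure Access log format is not described in the advisory).
SAMPLE_LOGS = [
    'event_type="admin_login" user="alice" src_ip="10.0.0.5" result="success"',
    'event_type="config_change" user="alice" src_ip="10.0.0.5" object="policy/remote-users" field="description" new_value="Remote staff policy"',
    'event_type="config_change" user="bob" src_ip="10.0.0.9" object="policy/contractors" field="description" new_value="<script>alert(1)</script>"',
    'event_type="config_change" user="carol" src_ip="10.0.0.12" object="group/finance" field="name" new_value="&lt;img src=x onerror=alert(1)&gt;"',
    'event_type="config_change" user="dave" src_ip="10.0.0.14" object="policy/kiosk" field="notes" new_value="%3Cscript%3Ealert(1)%3C/script%3E"',
    'event_type="config_change" user="erin" src_ip="10.0.0.20" object="policy/kiosk" field="notes" new_value="Disable JavaScript in kiosk mode"',
]

KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Heuristic markers for stored-XSS payloads: script/iframe/svg tags, javascript:
# URLs and inline event handlers. The on[a-z]+= pattern is deliberately broad and
# may flag prose such as "one=1"; tune it against real logs before alerting.
SCRIPT_MARKERS = re.compile(
    r'<\s*script\b|<\s*iframe\b|<\s*svg\b|javascript\s*:|\bon[a-z]+\s*=',
    re.IGNORECASE,
)


def parse_event(line):
    """Split one key="value" log line into a dict."""
    return dict(KV_RE.findall(line))


def looks_like_script(value):
    """Decode HTML entities and percent-encoding, then look for script markers."""
    decoded = unquote(html.unescape(value))
    return bool(SCRIPT_MARKERS.search(decoded))


def find_suspicious_changes(lines):
    """Return (user, object, field) for config changes whose new value looks like script."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("event_type") != "config_change":
            continue  # logins and other events are out of scope for this check
        if looks_like_script(ev.get("new_value", "")):
            hits.append((ev.get("user"), ev.get("object"), ev.get("field")))
    return hits


if __name__ == "__main__":
    for user, obj, field in find_suspicious_changes(SAMPLE_LOGS):
        print(f"suspicious config change by {user}: {obj}.{field}")
```

Against the constructed sample, the three encoded and plain payloads are flagged while the plain-text mention of "JavaScript" is not.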