CVE-2024-37350
📋 TL;DR
This cross-site scripting vulnerability in Absolute Secure Access's policy management UI allows authenticated attackers to craft malicious links that, when clicked by victim administrators, can manipulate the UI to perform unauthorized actions. The vulnerability affects system administrators using Absolute Secure Access versions prior to 13.06. Attackers must be authenticated to exploit this vulnerability.
💻 Affected Systems
- Absolute Secure Access
📦 What is this software?
Secure Access by Absolute
⚠️ Risk & Real-World Impact
Worst Case
An attacker could manipulate the policy management UI to create, modify, or delete security policies, potentially granting unauthorized access or disabling security controls.
Likely Case
Attackers could trick administrators into performing unintended policy changes or configuration modifications through UI manipulation.
If Mitigated
With proper access controls and administrator awareness training, the risk is limited to authenticated attackers who can socially engineer administrators.
🎯 Exploit Status
Requires authenticated attacker, social engineering of administrator, and specific UI interaction.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 13.06
Vendor Advisory: https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37350/
Restart Required: Yes
Instructions:
1. Download Absolute Secure Access version 13.06 from the Absolute support portal.
2. Back up the current configuration.
3. Apply the update following Absolute's upgrade documentation.
4. Restart the Secure Access service.
🔧 Temporary Workarounds
Restrict Console Access
Limit access to the policy management UI to trusted administrators only and implement network segmentation.
Administrator Security Training
Train administrators to avoid clicking untrusted links while authenticated to administrative consoles.
🧯 If You Can't Patch
- Implement strict access controls to limit who can authenticate to the Secure Access console
- Deploy web application firewall rules to detect and block XSS payloads in the policy management UI
🔍 How to Verify
Check if Vulnerable:
Check the Absolute Secure Access version in the administration console under System Information.
Check Version:
Check via Absolute Secure Access web interface: System > About or via CLI if available.
Verify Fix Applied:
Verify the version shows 13.06 or later in the administration console and test policy management functionality.
📡 Detection & Monitoring
Log Indicators:
- Unusual policy changes from unexpected administrators
- Multiple failed login attempts followed by policy modifications
Network Indicators:
- Unusual traffic patterns to the policy management UI endpoints
- Requests containing suspicious JavaScript or HTML payloads
SIEM Query:
source="absolute_secure_access" AND (event_type="policy_change" OR event_type="configuration_modification") AND user!="expected_admin_users"
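The two log indicators above can be turned into a small offline check. The following Python script is an added example, not code from the advisory or from Absolute; it parses a constructed newline-delimited JSON log (the field names ts, event_type, user and src_ip, the event type values, and the sample accounts are assumptions for the example, not Absolute Secure Access's real log schema) and flags (1) policy or configuration changes by accounts outside an expected administrator set and (2) changes preceded within a time window by repeated failed logins for the same account.

```python
import json
from datetime import datetime, timedelta

# Constructed sample log, one JSON event per line. The schema is an assumption
# for this example and does not reflect Absolute Secure Access's actual log format.
SAMPLE_LOG = """\
{"ts": "2024-06-01T10:00:00", "event_type": "login_success", "user": "alice", "src_ip": "10.0.0.5"}
{"ts": "2024-06-01T10:01:00", "event_type": "policy_change", "user": "alice", "src_ip": "10.0.0.5"}
{"ts": "2024-06-01T10:05:00", "event_type": "login_failure", "user": "carol", "src_ip": "203.0.113.7"}
{"ts": "2024-06-01T10:06:00", "event_type": "login_failure", "user": "carol", "src_ip": "203.0.113.7"}
{"ts": "2024-06-01T10:07:00", "event_type": "login_failure", "user": "carol", "src_ip": "203.0.113.7"}
{"ts": "2024-06-01T10:08:00", "event_type": "login_success", "user": "carol", "src_ip": "203.0.113.7"}
{"ts": "2024-06-01T10:09:00", "event_type": "policy_change", "user": "carol", "src_ip": "203.0.113.7"}
{"ts": "2024-06-01T10:30:00", "event_type": "configuration_modification", "user": "bob", "src_ip": "10.0.0.6"}
{"ts": "2024-06-01T12:00:00", "event_type": "login_failure", "user": "dave", "src_ip": "198.51.100.9"}
{"ts": "2024-06-01T12:05:00", "event_type": "policy_change", "user": "dave", "src_ip": "198.51.100.9"}
"""

# Assumed allow-list of administrators who are expected to change policy.
EXPECTED_ADMINS = {"alice", "bob"}
# Event types treated as policy/configuration changes (mirrors the SIEM query above).
CHANGE_EVENTS = {"policy_change", "configuration_modification"}
FAILED_LOGIN_THRESHOLD = 3
FAILED_LOGIN_WINDOW = timedelta(minutes=15)


def parse_log(text):
    """Parse newline-delimited JSON into event dicts, with 'ts' as a datetime, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def unexpected_policy_changes(events, expected_admins=EXPECTED_ADMINS):
    """Indicator 1: policy/config changes made by accounts outside the expected admin set."""
    return [
        (ev["ts"].isoformat(), ev["user"], ev["event_type"])
        for ev in events
        if ev["event_type"] in CHANGE_EVENTS and ev["user"] not in expected_admins
    ]


def failed_logins_then_change(events, threshold=FAILED_LOGIN_THRESHOLD,
                              window=FAILED_LOGIN_WINDOW):
    """Indicator 2: a policy/config change preceded, within `window`, by at least
    `threshold` failed logins for the same account."""
    hits = []
    for ev in events:
        if ev["event_type"] not in CHANGE_EVENTS:
            continue
        failures = sum(
            1 for prior in events
            if prior["event_type"] == "login_failure"
            and prior["user"] == ev["user"]
            and ev["ts"] - window <= prior["ts"] < ev["ts"]
        )
        if failures >= threshold:
            hits.append((ev["ts"].isoformat(), ev["user"], failures))
    return hits


def run_detection(text=SAMPLE_LOG):
    """Run both indicators over a log text and return the alerts per indicator."""
    events = parse_log(text)
    return {
        "unexpected_user": unexpected_policy_changes(events),
        "failed_logins_then_change": failed_logins_then_change(events),
    }


if __name__ == "__main__":
    for name, alerts in run_detection().items():
        print(name)
        for alert in alerts:
            print("  ", alert)
```

On the constructed sample, the first indicator fires for carol and dave (neither is in the expected set), while the second fires only for carol, whose policy change follows three failed logins within 15 minutes; dave's single failure stays below the threshold. Tune the allow-list, threshold and window to your environment, and feed the functions real exported events once you have mapped their field names.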