CVE-2024-42006
📋 TL;DR
Keyfactor AWS Orchestrator through version 2.0 contains an information disclosure vulnerability that allows unauthorized access to sensitive data. This affects organizations using Keyfactor AWS Orchestrator for certificate lifecycle management. Attackers could potentially access configuration data, credentials, or other sensitive information.
💻 Affected Systems
- Keyfactor AWS Orchestrator
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of AWS credentials, certificate private keys, and configuration secrets leading to unauthorized access to AWS resources and certificate infrastructure.
Likely Case
Exposure of configuration details, API keys, or internal network information that could facilitate further attacks against the certificate management system.
If Mitigated
Limited exposure of non-critical configuration data with proper network segmentation and access controls in place.
🎯 Exploit Status
CWE-200 indicates information exposure, suggesting the vulnerability may be accessible without authentication. No public exploit code has been identified at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 2.0
Vendor Advisory: https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click
Restart Required: Yes
Instructions:
1. Review the Keyfactor advisory at the provided URL.
2. Upgrade to the latest version of Keyfactor AWS Orchestrator (post-2.0).
3. Restart the orchestrator service after upgrade.
4. Verify the fix by checking the version and testing for the vulnerability.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to the Keyfactor AWS Orchestrator to only trusted IP addresses and required services.
Access Control Hardening
Implement strict authentication and authorization controls for all orchestrator endpoints.
🧯 If You Can't Patch
- Implement network-level controls to restrict access to the orchestrator to only necessary IP addresses and services.
- Monitor access logs for unusual patterns and implement alerting for unauthorized access attempts.
🔍 How to Verify
Check if Vulnerable:
Check whether the installed Keyfactor AWS Orchestrator version is 2.0 or earlier. Review configuration files and logs for signs of unauthorized information access.
Check Version:
Check the orchestrator web interface or configuration files for version information. Typically found in admin panels or about pages.
Verify Fix Applied:
Verify the orchestrator version is greater than 2.0. Test that sensitive information endpoints are properly secured and require authentication.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to sensitive endpoints
- Unusual data retrieval patterns from the orchestrator
Network Indicators:
- Unexpected outbound connections from the orchestrator
- Traffic to sensitive endpoints without proper authentication
SIEM Query:
source="keyfactor-orchestrator" AND (status=401 OR status=403) | count by src_ip, endpoint