CVE-2024-42360

9.8 CRITICAL

📋 TL;DR

CVE-2024-42360 is a command injection vulnerability in SequenceServer BLAST+ server software where improper input sanitization in HTTP endpoints allows attackers to execute arbitrary shell commands. This affects all SequenceServer instances running vulnerable versions, potentially compromising the entire server. The vulnerability is critical with a CVSS score of 9.8.

💻 Affected Systems

Products:
  • SequenceServer
Versions: All versions before 3.1.2
Operating Systems: All platforms running SequenceServer
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with vulnerable versions are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise allowing arbitrary command execution as the SequenceServer process user, potentially leading to data theft, system takeover, or lateral movement within the network.

🟠

Likely Case

Remote code execution leading to installation of malware, data exfiltration, or use of the server as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if server runs with minimal privileges, network segmentation is in place, and proper monitoring detects exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The advisory suggests exploitation is straightforward via HTTP requests to vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.2

Vendor Advisory: https://github.com/wurmlab/sequenceserver/security/advisories/GHSA-qv32-5wm2-p32h

Restart Required: Yes

Instructions:

1. Stop the SequenceServer service.
2. Update to version 3.1.2 using 'gem update sequenceserver'.
3. Restart the SequenceServer service.

🔧 Temporary Workarounds

Network Access Restriction (Linux, iptables)

Restrict access to SequenceServer to trusted IP addresses only; replace the bracketed placeholders with your own port and source address:

iptables -A INPUT -p tcp --dport [SequenceServer_port] -s [trusted_ip] -j ACCEPT
iptables -A INPUT -p tcp --dport [SequenceServer_port] -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to SequenceServer
  • Run SequenceServer with minimal privileges using a dedicated low-privilege user account

🔍 How to Verify

Check if Vulnerable:

Check SequenceServer version with 'sequenceserver --version' or examine Gemfile.lock for sequenceserver gem version

Check Version:

sequenceserver --version

Verify Fix Applied:

Confirm version is 3.1.2 or higher using 'sequenceserver --version'

📡 Detection & Monitoring

Log Indicators:

  • Unusual shell commands in system logs
  • HTTP requests with shell metacharacters in parameters
  • Process execution from SequenceServer user outside normal patterns

Network Indicators:

  • HTTP requests containing shell metacharacters like ;, |, &, $, (, ), {, } in query parameters
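The network indicator above can be turned into a simple log check. The following is an added example, not code from the advisory or from the SequenceServer project: it parses combined-format web server access log lines, URL-decodes each query parameter value and flags any value that contains one of the shell metacharacters listed above. The log lines, client addresses and parameter names are constructed for illustration and are not real traffic.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Shell metacharacters named in the advisory's network indicators.
SHELL_METACHARS = set(";|&$(){}")

# Combined/common log format: client ip, timestamp in [], quoted request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (hypothetical; not real requests or real hosts).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Aug/2024:10:00:01 +0000] "GET /searchdata?sequence_ids=ABC123&database_ids=db1 HTTP/1.1" 200 512
203.0.113.11 - - [01/Aug/2024:10:00:05 +0000] "GET /get_sequence/?sequence_ids=ABC123%3B%24%7BX%7D HTTP/1.1" 200 90
203.0.113.12 - - [01/Aug/2024:10:00:09 +0000] "GET /searchdata?database_ids=db1%7C%28x%29 HTTP/1.1" 200 3000
203.0.113.13 - - [01/Aug/2024:10:00:12 +0000] "GET /blast/result HTTP/1.1" 200 2048
"""


def iter_params(query):
    """Yield (name, value) pairs from a raw query string.

    Splits only on '&' (not ';', which is one of the characters we are
    looking for) and percent-decodes each part, so an encoded %3B or %26
    becomes a visible ';' or '&' inside the value.
    """
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        yield unquote_plus(name), unquote_plus(value)


def suspicious_params(target):
    """Return [(name, decoded_value, metachars_found)] for a request target."""
    hits = []
    for name, value in iter_params(urlsplit(target).query):
        found = "".join(sorted(SHELL_METACHARS.intersection(value)))
        if found:
            hits.append((name, value, found))
    return hits


def scan_log(text):
    """Scan access log text; return one alert dict per request with suspicious parameters."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access log line
        hits = suspicious_params(m.group("target"))
        if hits:
            alerts.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "target": m.group("target"),
                "hits": hits,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        for name, value, chars in alert["hits"]:
            print(f'{alert["time"]} {alert["ip"]} param={name!r} '
                  f'value={value!r} metachars={chars!r}')
```

Only parameter values are inspected, so an unencoded '&' (the normal separator) does not trigger an alert, while a percent-encoded one inside a value does. The metacharacter list is a coarse indicator: legitimate inputs can contain some of these characters, so treat a hit as something to review alongside the process-execution indicators above rather than as proof of exploitation.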

SIEM Query:

source="sequenceserver.log" AND ("cmd" OR "exec" OR "system" OR "bash" OR "sh")
