CVE-2024-43405

CVSS v3.1 base score 7.4 (HIGH)

📋 TL;DR

Nuclei's template signature check and its YAML parser disagree about what ends a line. An attacker can exploit that discrepancy to append content to a signed template that the verifier never hashes but the parser still loads, so the template keeps a valid signature over its benign part while carrying attacker-controlled content. When the injected content is a code-protocol block and code templates are enabled, the result is arbitrary command execution on the host running Nuclei, not on the scan target. Affected: CLI users who run custom code templates from unverified sources, and SDK users who let end users supply templates.
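The newline discrepancy described above, modelled as an added Go example. This is not nuclei's code: it uses a constructed HMAC key in place of nuclei's public-key signatures, a constructed three-line template, and a regex of the same general shape as a "strip the digest comment, hash the rest" check. It puts a verifier whose regex treats a bare carriage return as part of the digest line next to a line splitter that, like a YAML parser, treats a carriage return as a line break, then shows a hardened verifier that hashes exactly the lines the parser will consume and rejects more than one digest. The HasBareCR helper is an assumed triage check for an existing template corpus, not a nuclei feature.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// Constructed demo key. Nuclei uses public-key signatures; an HMAC keeps
// this toy self-contained and is not how the real check works.
var toyKey = []byte("constructed-demo-key")

// "Strip the signature comment, hash the rest." In Go RE2 syntax `.`
// matches every character except '\n', so a bare '\r' and whatever follows
// it up to the next '\n' are swallowed as part of the digest line.
var reDigest = regexp.MustCompile(`(?m)^# digest: ([0-9a-f]+).*$`)

func mac(body string) string {
	m := hmac.New(sha256.New, toyKey)
	m.Write([]byte(body))
	return hex.EncodeToString(m.Sum(nil))
}

// Sign appends a digest comment computed over the body exactly as given.
func Sign(body string) string {
	return body + "# digest: " + mac(body)
}

// VerifyNaive models the flawed pattern: the regex decides where the digest
// line ends, removes it, and hashes the remainder. Its notion of a line is
// not the parser's.
func VerifyNaive(tpl string) bool {
	m := reDigest.FindStringSubmatch(tpl)
	if m == nil {
		return false
	}
	rest := reDigest.ReplaceAllString(tpl, "")
	return hmac.Equal([]byte(m[1]), []byte(mac(rest)))
}

// SplitLines breaks on "\r\n", "\r" and "\n", as the YAML spec does.
func SplitLines(s string) []string {
	var lines []string
	start := 0
	for i := 0; i < len(s); i++ {
		switch s[i] {
		case '\n':
			lines = append(lines, s[start:i])
			start = i + 1
		case '\r':
			lines = append(lines, s[start:i])
			if i+1 < len(s) && s[i+1] == '\n' {
				i++
			}
			start = i + 1
		}
	}
	if start < len(s) {
		lines = append(lines, s[start:])
	}
	return lines
}

// VerifyCanonical hashes exactly the lines a line-break-aware parser would
// consume, minus the single digest line, and rejects templates carrying
// more than one digest. Verifier and parser now agree on what a line is.
func VerifyCanonical(tpl string) bool {
	var body, digests []string
	for _, l := range SplitLines(tpl) {
		if strings.HasPrefix(l, "# digest: ") {
			digests = append(digests, strings.TrimPrefix(l, "# digest: "))
			continue
		}
		body = append(body, l)
	}
	if len(digests) != 1 {
		return false
	}
	return hmac.Equal([]byte(digests[0]), []byte(mac(strings.Join(body, "\n")+"\n")))
}

// HasBareCR: an LF-terminated template has no reason to contain '\r'.
func HasBareCR(tpl string) bool {
	return strings.ContainsRune(tpl, '\r')
}

func main() {
	benign := "id: demo\nhttp:\n  - method: GET\n" // constructed template
	signed := Sign(benign)
	// Constructed tampered template: the payload rides inside what the regex
	// sees as the digest line, separated only by bare '\r' characters.
	tampered := signed + "\rcode:\r  - engine: [sh]\r    source: id"
	fmt.Println("naive    :", VerifyNaive(signed), VerifyNaive(tampered))
	fmt.Println("canonical:", VerifyCanonical(signed), VerifyCanonical(tampered))
	fmt.Println("parser sees", len(SplitLines(tampered)), "lines; bare CR:", HasBareCR(tampered))
}
```

The design point is that the bytes a verifier hashes and the bytes a parser consumes must be computed by the same tokenizer; any time a regex or string search defines the boundary on one side and a real parser defines it on the other, the gap between the two definitions is attacker-controlled.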

💻 Affected Systems

Products:
  • Nuclei
Versions: 3.0.0 through 3.3.1 inclusive (fixed in 3.3.2)
Operating Systems: All platforms running Nuclei
Default Config Vulnerable: ⚠️ Yes
Notes: The signature bypass itself applies to both the CLI and SDK integrations in any configuration. Reaching code execution additionally requires code-protocol templates to be enabled (the -code flag on the CLI, nuclei.EnableCodeTemplates() in the SDK), which is off by default, and requires the crafted template to actually be run.

📦 What is this software?

Nuclei is ProjectDiscovery's open-source, template-based vulnerability scanner, written in Go and shipped both as a CLI and as a Go SDK. Scans are driven by YAML templates; the official templates end in a "# digest:" signature line that Nuclei verifies before loading them. The code protocol lets a template run commands (shell, Python and similar engines) on the scanning host itself, so a template that passes the signature check while carrying an attacker's code block executes on the operator's machine rather than on the target.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the Nuclei process, potentially leading to full system compromise, data theft, or lateral movement within networks.

🟠

Likely Case

Execution of arbitrary malicious code through specially crafted templates, potentially leading to data exfiltration, system manipulation, or further exploitation.

🟢

If Mitigated

No impact when using only verified, trusted templates from official sources with proper signature validation.

🌐 Internet-Facing: MEDIUM - Nuclei is a client-side scanner, not a listening service, so there is no remote trigger; the attacker's path is a crafted template reaching the operator through a public template repository, a shared template pack, or an SDK integration that accepts templates from end users.
🏢 Internal Only: MEDIUM - An insider or a compromised internal template repository can deliver a crafted template, but it still has to be run on a vulnerable Nuclei, and code execution still requires code templates to be enabled.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a crafted template whose signature still verifies after the malicious content is added. The advisory describes the root cause, so the effort lies in constructing such a template, not in discovering the flaw.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.2

Vendor Advisory: https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-7h5p-mmpp-hgmm

Restart Required: No

Instructions:

1. Update Nuclei using: nuclei -update
2. Or download latest release from GitHub: https://github.com/projectdiscovery/nuclei/releases
3. Verify version with: nuclei -version

🔧 Temporary Workarounds

Do not enable code-protocol templates

Platform: all

Code templates are only loaded when explicitly enabled, so leaving them off blocks the code-execution outcome even if a forged template passes verification. CLI: do not pass the -code flag. SDK: do not set nuclei.EnableCodeTemplates(), and do not accept templates from end users. Note that -disable-unsigned-templates (-dut) does not help against this issue: the tampered template carries a signature that verifies.

nuclei -t ./templates    # without -code, code-protocol templates are not loaded

🧯 If You Can't Patch

  • Run only templates from trusted, verified sources (the official nuclei-templates repository, or templates you signed yourself); treat template packs from third-party repositories and sharing platforms as untrusted input
  • Keep code-protocol templates disabled (no -code flag, no nuclei.EnableCodeTemplates()), and do not expose template execution to end users of an SDK integration on an unpatched version

🔍 How to Verify

Check if Vulnerable:

Run nuclei -version. Any version from 3.0.0 through 3.3.1 inclusive is vulnerable to the signature bypass. If the process also runs with -code, the exposure includes code execution, not only the bypass.

Check Version:

nuclei -version

Verify Fix Applied:

Run nuclei -version and confirm the version is 3.3.2 or later, then run a known-good signed template to confirm normal operation.

📡 Detection & Monitoring

Log Indicators:

  • Nuclei command lines containing -code, especially on hosts where code templates are not normally used
  • Child processes (sh, bash, python and similar) spawned by a nuclei process: the code protocol runs its payload as a local command
  • Nuclei runs that load templates from paths or URLs outside the official template directory
  • Signature verification failures are not a reliable indicator of this attack, since a tampered template passes verification; they do flag unsigned or corrupted templates

Network Indicators:

  • Downloads of Nuclei templates from untrusted repositories or sharing platforms
  • Unexpected outbound connections from the scanning host immediately after a template run, as distinct from scan traffic to the intended targets

SIEM Query:

process.name:"nuclei" AND (event.action:"template_execution" OR event.action:"code_execution")

The field names above are illustrative (ECS-style). Nuclei does not emit events with these names itself, so map them to however your endpoint telemetry records process starts, command lines and parent-child process relationships.
