CVE-2024-45791

7.5 HIGH

📋 TL;DR

Apache HertzBeat versions before 1.6.1 contain an information disclosure vulnerability that allows unauthorized actors to access sensitive information. This affects all users running vulnerable versions of the monitoring tool. Attackers could potentially access credentials, configuration data, or other sensitive system information.

💻 Affected Systems

Products:
  • Apache HertzBeat
Versions: All versions before 1.6.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected versions are vulnerable regardless of configuration.

📦 What is this software?

Apache HertzBeat is an open-source, agentless real-time monitoring and alerting system (an Apache Incubator project at the time of the 1.6.x releases). It polls application, database, network and host targets over their native protocols, stores the credentials needed for those probes in its own database, and serves its web UI and REST API on port 1157 by default. That stored-credential design is why an information-disclosure flaw in the tool reaches well beyond HertzBeat itself.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers read the credentials HertzBeat holds for the systems it monitors (database logins, SSH and JMX credentials, API keys) or other sensitive configuration data, and pivot from the monitoring server to the monitored estate, ending in complete system compromise.

🟠 Likely Case

Unauthorized access to monitoring data, system metrics, or partial configuration information that maps the environment and facilitates further attacks.

🟢 If Mitigated

Limited exposure of non-critical information, or failed exploitation attempts because network segmentation and access controls keep untrusted clients away from the HertzBeat port.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The advisory does not describe the exposure path. CWE-200 issues in web applications are usually reached through an API response that returns more than the caller should see, or through an unrestricted read of a configuration or log file, which is why complexity is rated LOW here even though no public proof of concept exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.1

Vendor Advisory: https://lists.apache.org/thread/jmbsfjsvrfnvosh1ftrm3ry4j3sb7doz

Restart Required: Yes

Instructions:

  1. Back up the current configuration and data (including the HertzBeat database).
  2. Stop the HertzBeat service.
  3. Download version 1.6.1 from the Apache download page, or pull the 1.6.1 container image if HertzBeat runs in Docker.
  4. Replace the existing installation (or image) with the new version.
  5. Restart the HertzBeat service.
  6. Verify functionality and confirm the running version is 1.6.1 or later.

🔧 Temporary Workarounds

Network Isolation

Platform: linux

Restrict TCP access to the HertzBeat port (1157 by default) to trusted addresses. Keep loopback open so local health checks keep working; note that an earlier, broader ACCEPT rule in the chain would shadow the DROP below, so check the existing chain before appending. Mirror the rules with ip6tables if the host has IPv6, and persist them (iptables-save or your distribution's mechanism) so they survive a reboot.

# loopback first, then the trusted source, then drop everything else to 1157
iptables -A INPUT -i lo -p tcp --dport 1157 -j ACCEPT
iptables -A INPUT -p tcp --dport 1157 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 1157 -j DROP

Reverse Proxy with Authentication

Platform: all

Place HertzBeat behind a reverse proxy that enforces its own authentication and an address allow-list, and bind HertzBeat itself to loopback (or a private interface) so the proxy is the only path to port 1157. HertzBeat's built-in login stays in place; the proxy adds a second, independent gate in front of any endpoint that may leak data.
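A generator for the proxy configuration described above, added here as an example; it is not the page's or the HertzBeat project's code. It assumes nginx, HertzBeat listening only on 127.0.0.1:1157, a 10.0.0.0/8 management range, the hostname hertzbeat.example.internal, and certificate and htpasswd paths under /etc/nginx, all of which are placeholders to replace:

```shell
#!/bin/sh
# Added example, not HertzBeat project code: emit an nginx server block that
# fronts HertzBeat with an address allow-list and HTTP basic auth, so port 1157
# is reached only through the proxy. Hostname, CIDR, TLS and htpasswd paths are
# assumptions; replace them for your deployment.

# write_hertzbeat_proxy_conf OUTFILE ALLOWED_CIDR SERVER_NAME
write_hertzbeat_proxy_conf() {
    out="$1"; cidr="$2"; name="$3"
    cat > "$out" <<EOF
# nginx in front of Apache HertzBeat (generated; adjust paths before use)
upstream hertzbeat {
    server 127.0.0.1:1157;              # HertzBeat bound to loopback only (assumed)
}

server {
    listen 443 ssl;
    server_name ${name};
    ssl_certificate     /etc/nginx/tls/hertzbeat.crt;   # assumed path
    ssl_certificate_key /etc/nginx/tls/hertzbeat.key;   # assumed path

    # 1) network gate: only the management range may talk to the proxy (order matters)
    allow ${cidr};
    deny  all;

    # 2) proxy-level credential, independent of HertzBeat's own login
    auth_basic           "HertzBeat";
    auth_basic_user_file /etc/nginx/hertzbeat.htpasswd;   # assumed path

    location / {
        proxy_pass         http://hertzbeat;
        proxy_set_header   Host              \$host;
        proxy_set_header   X-Real-IP         \$remote_addr;
        proxy_set_header   X-Forwarded-For   \$proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
    }
}

# plain HTTP only redirects; nothing is proxied without TLS
server {
    listen 80;
    server_name ${name};
    return 301 https://\$host\$request_uri;
}
EOF
}

# proxy_conf_has_guards FILE: 0 when the allow-list, deny-all, basic auth and the
# loopback upstream are all present, 1 otherwise (cheap sanity check before nginx -t)
proxy_conf_has_guards() {
    f="$1"
    grep -q '^[[:space:]]*allow ' "$f" &&
    grep -q '^[[:space:]]*deny[[:space:]]*all;' "$f" &&
    grep -q '^[[:space:]]*auth_basic_user_file' "$f" &&
    grep -q 'server 127\.0\.0\.1:1157;' "$f"
}

# usage: writes ./hertzbeat-nginx.conf for the assumed 10.0.0.0/8 management range
write_hertzbeat_proxy_conf "${OUT:-./hertzbeat-nginx.conf}" "${ALLOW:-10.0.0.0/8}" "${NAME:-hertzbeat.example.internal}"
proxy_conf_has_guards "${OUT:-./hertzbeat-nginx.conf}" && echo "guards present: ${OUT:-./hertzbeat-nginx.conf}"
```

Create the credential file with htpasswd -c /etc/nginx/hertzbeat.htpasswd <user> (apache2-utils or httpd-tools), validate with nginx -t, and keep the firewall rules from the previous workaround in place so that port 1157 is reachable only from the proxy host. nginx evaluates allow and deny in order, so the allow line must precede deny all.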

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Monitor access logs for unauthorized connection attempts
  • Treat the credentials HertzBeat stores for its monitored targets as potentially exposed: rotate them once the upgrade is in place, and sooner if the logs show unexplained access

🔍 How to Verify

Check if Vulnerable:

Read the HertzBeat version from the web interface, the release archive or container image tag, or the deployment's configuration files. Any version lower than 1.6.1 is affected.

Check Version:

curl -s http://localhost:1157/api/summary | grep version

HertzBeat's API sits behind its own login, so an unauthenticated request may return 401 with no useful body; in that case read the version from the installation artefacts instead.

Verify Fix Applied:

Confirm the running version is 1.6.1 or later, then check from outside the trusted network that the HertzBeat port is unreachable or is answered only by the authenticating proxy.
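A small version gate for the check above, added here as an example rather than HertzBeat tooling. It pulls an x.y.z version out of whatever string a deployment exposes and compares it with the fixed release 1.6.1; the sample inputs (a container image tag of the form v1.6.x, a release directory name) are constructed and their naming is an assumption:

```shell
#!/bin/sh
# Added example, not HertzBeat tooling: decide whether an installed HertzBeat is
# older than the fixed release 1.6.1. Where the version string comes from is
# deployment specific; the sample inputs below are constructed and their naming
# (image tag "v1.6.x", release directory name) is an assumption.

HB_FIXED_VERSION="1.6.1"

# hb_extract_version STRING -> first "x.y.z" token found in STRING, or nothing
# ("v1.6.0", "apache/hertzbeat:v1.6.0", "apache-hertzbeat-1.6.0-incubating-bin" -> "1.6.0")
hb_extract_version() {
    printf '%s\n' "$1" | tr -c '0-9.\n' ' ' | tr ' ' '\n' \
        | grep '^[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}$' | head -n1
}

# hb_version_lt A B -> 0 when A is lower than B by numeric major.minor.patch, else 1
hb_version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        l=$(printf '%s\n' "$1" | cut -d. -s -f"$i"); r=$(printf '%s\n' "$2" | cut -d. -s -f"$i")
        l=${l:-0}; r=${r:-0}                 # missing component counts as 0
        [ "$l" -lt "$r" ] && return 0
        [ "$l" -gt "$r" ] && return 1
        i=$((i + 1))
    done
    return 1                                 # equal
}

# hb_is_vulnerable STRING -> 0 affected (< 1.6.1), 1 fixed, 2 no version string found
hb_is_vulnerable() {
    v=$(hb_extract_version "$1")
    [ -n "$v" ] || return 2
    hb_version_lt "$v" "$HB_FIXED_VERSION"
}

# Constructed sample inputs; real ones would come from, for example,
#   docker inspect --format '{{.Config.Image}}' <container>   (image tag, naming assumed)
#   the unpacked release directory name under your install prefix
for sample in "apache/hertzbeat:v1.6.0" "apache-hertzbeat-1.6.1-incubating-bin" "v1.7.0" "latest"; do
    hb_is_vulnerable "$sample" && rc=0 || rc=$?
    case "$rc" in
        0) verdict="AFFECTED (older than $HB_FIXED_VERSION)";;
        1) verdict="fixed";;
        *) verdict="no version string found, inspect manually";;
    esac
    printf '%-40s %s\n' "$sample" "$verdict"
done
```

A tag such as latest carries no version and is reported as unresolved rather than silently treated as fixed; resolve it against the image digest or the installed files before trusting it.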

📡 Detection & Monitoring

Log Indicators:

  • Requests to HertzBeat API paths from addresses outside the operator allow-list, whether they succeed or not
  • Unusual request patterns against monitor, configuration or export endpoints (enumeration of many object IDs, bursts from one client, non-browser user agents)

Network Indicators:

  • Connections to the HertzBeat default port 1157 from outside the management network
  • Unusually large responses from HertzBeat to a single client

SIEM Query:

source="hertzbeat" AND (uri_path="/api/config" OR uri_path="/api/credential" OR (status=200 AND bytes_transferred>100000))

The uri_path values are placeholders: the advisory does not name the affected endpoint, so scope the path clause to the /api/ routes your deployment actually serves. The status/bytes pair needs its own parentheses, otherwise AND binds tighter than OR and the large-response condition silently changes meaning.
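The same indicators applied offline to access-log lines, added here as an example that is not part of the advisory or of HertzBeat. It assumes an nginx "combined" access log written by a reverse proxy in front of HertzBeat; the five log lines are constructed for the example, and the trusted range (10.0.0.0/16, approximated by a string prefix) and the 100000-byte threshold are assumptions:

```shell
#!/bin/sh
# Added example, not part of the advisory or of HertzBeat: run the log and network
# indicators against nginx "combined" access-log lines from a reverse proxy in front
# of HertzBeat. The log lines are constructed; the management range (matched by
# string prefix, standing in for a CIDR test) and the size threshold are assumptions.

HB_SAMPLE_LOG="$(mktemp)"
cat > "$HB_SAMPLE_LOG" <<'EOF'
10.0.5.21 - - [12/Sep/2024:10:01:02 +0000] "GET /api/monitors HTTP/1.1" 200 2381 "-" "Mozilla/5.0"
203.0.113.44 - - [12/Sep/2024:10:01:09 +0000] "GET /api/monitor/12 HTTP/1.1" 200 1840 "-" "python-requests/2.31"
203.0.113.44 - - [12/Sep/2024:10:01:10 +0000] "GET /api/monitors HTTP/1.1" 401 112 "-" "python-requests/2.31"
10.0.5.21 - - [12/Sep/2024:10:02:30 +0000] "GET /api/monitors/export?type=JSON HTTP/1.1" 200 412000 "-" "Mozilla/5.0"
10.0.5.21 - - [12/Sep/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF

# hb_flag_requests LOGFILE ALLOW_PREFIX BYTES_THRESHOLD
# prints one tab-separated line per hit: reason, client, path, status, bytes
#   external-api-success : /api/ path answered 200 to a client outside ALLOW_PREFIX (possible exposure)
#   external-api-attempt : /api/ path from outside with any other status (probing)
#   large-response       : 200 with a body above BYTES_THRESHOLD from anyone (bulk read / export)
hb_flag_requests() {
    awk -v allow="${2:-10.0.}" -v threshold="${3:-100000}" '
    {
        ip = $1; path = $7; status = $9; bytes = $10 + 0
        sub(/[?].*/, "", path)                     # drop the query string
        external = (index(ip, allow) != 1)         # prefix match stands in for a CIDR test
        if (external && path ~ /^\/api\//)
            printf "%s\t%s\t%s\t%s\t%d\n", (status == 200 ? "external-api-success" : "external-api-attempt"), ip, path, status, bytes
        else if (status == 200 && bytes > threshold)
            printf "large-response\t%s\t%s\t%s\t%d\n", ip, path, status, bytes
    }' "$1"
}

# hb_count_flagged LOGFILE ALLOW_PREFIX BYTES_THRESHOLD -> number of hits on stdout
hb_count_flagged() {
    hb_flag_requests "$@" | wc -l | tr -d '[:space:]'
}

hb_flag_requests "$HB_SAMPLE_LOG" 10.0. 100000
echo "flagged: $(hb_count_flagged "$HB_SAMPLE_LOG" 10.0. 100000) of $(wc -l < "$HB_SAMPLE_LOG" | tr -d '[:space:]') requests"
```

On the sample, the two requests from 203.0.113.44 are flagged as external API access (one succeeded, one was refused) and the 412000-byte export from the trusted client is flagged on size alone; the trusted client's ordinary API and static requests are not reported. Replace the prefix test with a real CIDR match (ipcalc, or your SIEM's built-in) before using this against production logs.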

🔗 References

  • Apache HertzBeat advisory: https://lists.apache.org/thread/jmbsfjsvrfnvosh1ftrm3ry4j3sb7doz
  • NVD record: https://nvd.nist.gov/vuln/detail/CVE-2024-45791