CVE-2024-48729
📋 TL;DR
This vulnerability in ETSI Open-Source MANO (OSM) allows remote authenticated attackers to escalate privileges through the /osm/admin/v1/users API endpoint. Attackers can gain administrative access to the OSM platform, potentially compromising the entire network orchestration system. Organizations running vulnerable OSM versions are affected.
💻 Affected Systems
- ETSI Open-Source MANO (OSM)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the OSM platform allowing attackers to deploy, modify, or delete network services, access sensitive network configuration data, and potentially pivot to underlying infrastructure.
Likely Case
Privilege escalation from regular user to administrator, enabling unauthorized access to management functions and sensitive data within OSM.
If Mitigated
Limited impact if proper network segmentation, API access controls, and monitoring are implemented to detect and block unauthorized privilege escalation attempts.
🎯 Exploit Status
Exploitation requires authenticated access but the vulnerability is in a critical administrative component. The CWE-269 (Improper Privilege Management) suggests straightforward privilege escalation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: OSM 14.0.3, 15.0.2, and later versions
Vendor Advisory: http://etsi.com
Restart Required: Yes
Instructions:
1. Back up OSM configuration and data.
2. Upgrade to OSM 14.0.3, 15.0.2, or a later version.
3. Restart OSM services.
4. Verify the fix by testing privilege escalation attempts with a non-admin account.
🔧 Temporary Workarounds
Restrict API Access
Limit network access to the /osm/admin/v1/users endpoint using firewall rules or API gateway controls. Note that the iptables string match below only inspects plaintext HTTP: if the NBI is served over TLS the rule will not match, and the restriction has to be applied at an API gateway or reverse proxy instead. The rule also drops legitimate administrator calls to the endpoint, so scope it to untrusted source networks.
iptables -A INPUT -p tcp --dport <OSM_PORT> -m string --string "/osm/admin/v1/users" --algo bm -j DROP
Temporary User Management Disable
Disable user management functionality if it is not immediately required.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate OSM management interfaces from untrusted networks.
- Enhance monitoring of user privilege changes and API access patterns to detect exploitation attempts.
🔍 How to Verify
Check if Vulnerable:
Check the OSM version with the 'osm version' command and compare it against the affected versions. Test authenticated API calls to the /osm/admin/v1/users endpoint for privilege escalation.
Check Version:
osm version
Verify Fix Applied:
After patching, attempt privilege escalation through the /osm/admin/v1/users endpoint with a non-admin account. Verify that the attempt fails and that 'osm version' reports a patched version.
📡 Detection & Monitoring
Log Indicators:
- Unusual user privilege escalation events
- Multiple failed then successful authentication attempts to admin endpoints
- API calls to /osm/admin/v1/users from non-admin accounts
Network Indicators:
- Unusual traffic patterns to OSM admin API endpoints
- Authentication bypass attempts
SIEM Query:
source="osm" AND (url_path="/osm/admin/v1/users" OR event_type="privilege_escalation")
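The log indicator "API calls to /osm/admin/v1/users from non-admin accounts" and the SIEM query above, turned into a small offline detector. This is an added example, not code from the OSM project or this advisory; the JSON-per-line log layout, its field names, the "system_admin" role name and the sample lines are all constructed assumptions for the example.

```python
import json

ADMIN_ROLES = {"system_admin"}          # assumed name of OSM's admin role
USERS_ENDPOINT = "/osm/admin/v1/users"  # endpoint named in the advisory
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample log lines. The JSON-per-line layout and the field
# names are assumptions for this example, not OSM's real NBI log format.
SAMPLE_LOGS = """\
{"ts":"2024-10-01T10:00:01Z","user":"alice","roles":["project_user"],"method":"GET","path":"/osm/nslcm/v1/ns_instances","status":200}
{"ts":"2024-10-01T10:00:05Z","user":"alice","roles":["project_user"],"method":"PATCH","path":"/osm/admin/v1/users/alice","status":204}
{"ts":"2024-10-01T10:01:00Z","user":"admin","roles":["system_admin"],"method":"POST","path":"/osm/admin/v1/users","status":201}
{"ts":"2024-10-01T10:02:00Z","user":"bob","roles":["project_user"],"method":"GET","path":"/osm/admin/v1/users","status":403}
"""

def parse_events(text):
    """Parse JSON-per-line log text, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a malformed line must not crash the detector
    return events

def is_admin(event):
    return bool(ADMIN_ROLES & set(event.get("roles", [])))

def detect(events):
    """One alert per non-admin call to the users endpoint.

    'high': a write method succeeded (2xx), i.e. a non-admin changed user
    data, the CWE-269 outcome this CVE describes; 'low': read-only or denied.
    """
    alerts = []
    for ev in events:
        path = ev.get("path", "")
        if path != USERS_ENDPOINT and not path.startswith(USERS_ENDPOINT + "/"):
            continue
        if is_admin(ev):
            continue
        ok = 200 <= int(ev.get("status", 0)) < 300
        sev = "high" if ev.get("method") in WRITE_METHODS and ok else "low"
        alerts.append({"ts": ev.get("ts"), "user": ev.get("user"), "method": ev.get("method"),
                       "path": path, "status": ev.get("status"), "severity": sev})
    return alerts
```

Run `detect(parse_events(SAMPLE_LOGS))`: alice's successful PATCH is reported as high severity, bob's denied GET as low, and the admin's POST is not reported.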