CVE-2024-49375

9.0 CRITICAL

📋 TL;DR

CVE-2024-49375 is a critical remote code execution vulnerability in Rasa, an open-source machine learning framework for conversational AI. Attackers can execute arbitrary code by loading malicious models into vulnerable Rasa instances. This affects Rasa installations with the HTTP API enabled and insufficient authentication controls.

💻 Affected Systems

Products:
  • Rasa
Versions: All versions before 3.6.21
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Requires HTTP API enabled with --enable-api flag and insufficient authentication controls.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal data, deploy malware, or pivot to other systems.

🟠 Likely Case

Unauthorized access to the Rasa server leading to data exfiltration, service disruption, or deployment of crypto-mining malware.

🟢 If Mitigated

Limited impact when proper authentication and access controls are in place; the remaining risk comes from authorized users acting with malicious intent.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the ability to load a malicious model through the model-loading API endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.21

Vendor Advisory: https://github.com/RasaHQ/rasa-pro-security-advisories/security/advisories/GHSA-cpv4-ggrr-7j9v

Restart Required: Yes

Instructions:

  1. Stop the Rasa service.
  2. Update Rasa using pip: pip install --upgrade rasa==3.6.21
  3. Restart the Rasa service.

🔧 Temporary Workarounds

Disable HTTP API (all platforms)

Remove the --enable-api flag from the Rasa startup command or configuration to disable the vulnerable endpoints.

Implement Authentication (all platforms)

Configure authentication for the Rasa API endpoints as described in the Rasa authentication documentation: https://rasa.com/docs/rasa/security

🧯 If You Can't Patch

  • Implement strict network access controls to limit API access to trusted IPs only
  • Enable comprehensive authentication and authorization for all API endpoints

🔍 How to Verify

Check if Vulnerable:

Check if Rasa version is below 3.6.21 and HTTP API is enabled

Check Version:

rasa --version

Verify Fix Applied:

Verify Rasa version is 3.6.21 or higher and test model loading functionality
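As an added example (not part of this advisory or of Rasa's own code), a small Python check that combines the two conditions above: it parses the version out of `rasa --version` output and inspects the server command line for `--enable-api`. The `Rasa Version :` banner format and the `--auth-token`/`--jwt-secret` flags of `rasa run` are assumptions about the Rasa CLI, and the sample inputs are constructed.

```python
import re
import shlex
from typing import Dict, Tuple

# Patch version named in the advisory: anything lower is unpatched.
FIXED_VERSION = (3, 6, 21)

# Server flags taken to mean some authentication is configured for the HTTP API
# (assumed `rasa run` flag names; confirm against `rasa run --help` for your version).
AUTH_FLAGS = ("--auth-token", "--jwt-secret")


def parse_version(version_output: str) -> Tuple[int, ...]:
    """Pull the Rasa version out of `rasa --version` output.

    Assumes a line of the form 'Rasa Version : 3.6.20'; a bare 'x.y.z' string
    is accepted as a fallback so the check also works on a pinned requirement.
    """
    match = re.search(r"Rasa Version\s*:\s*(\d+(?:\.\d+)*)", version_output)
    if match is None:
        match = re.search(r"\b(\d+\.\d+\.\d+)\b", version_output)
    if match is None:
        raise ValueError(f"no Rasa version found in {version_output!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def assess(version_output: str, server_cmdline: str) -> Dict[str, object]:
    """Combine the advisory's two conditions: unpatched version AND HTTP API enabled."""
    # Normalise '--flag=value' to '--flag' so both spellings are recognised.
    opts = {arg.split("=", 1)[0] for arg in shlex.split(server_cmdline)}
    version = parse_version(version_output)
    unpatched = version < FIXED_VERSION
    api_enabled = "--enable-api" in opts
    return {
        "version": version,
        "unpatched": unpatched,
        "api_enabled": api_enabled,
        "auth_configured": any(flag in opts for flag in AUTH_FLAGS),
        # Authentication narrows who can reach the endpoint but is a workaround,
        # not the fix, so it does not clear the finding on its own.
        "vulnerable": unpatched and api_enabled,
    }


if __name__ == "__main__":
    # Constructed sample input: a `rasa --version` banner and a startup command line.
    sample_banner = "Rasa Version      :         3.6.20\nPython Version    :         3.10.12"
    sample_cmdline = "rasa run --enable-api --port 5005"
    for key, value in assess(sample_banner, sample_cmdline).items():
        print(f"{key}: {value}")
```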

📡 Detection & Monitoring

Log Indicators:

  • Unusual model loading activity
  • API requests from unexpected sources
  • Authentication failures followed by successful model loads

Network Indicators:

  • HTTP POST requests to /model endpoints from untrusted sources
  • Unusual outbound connections from Rasa server

SIEM Query:

source="rasa.log" AND ("model" AND "load") AND NOT user="trusted_user"
