CVE-2024-51505

8.0 HIGH

📋 TL;DR

A race condition in Atos Eviden IDRA lets a user holding the Config Admin role escalate to privileges beyond what that role grants. IDRA releases before 2.7.1 that have Config Admin roles defined are affected. An attacker who already has Config Admin access (legitimately, or via a stolen or phished account) can win the race with precisely timed requests; no unauthenticated path is known.

💻 Affected Systems

Products:
  • Atos Eviden IDRA
Versions: All versions before 2.7.1
Operating Systems: Not OS-specific - affects IDRA application
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Config Admin role access to exploit. Systems using IDRA for PKI management are affected.

⚠️ Manual Verification Required

Our database has no structured version range for this CVE, so automatic vulnerability matching cannot tell whether your system is affected.

Why? The NVD entry carries no machine-readable version ranges (CPE data) for this CVE. The vendor advisory and the CVE summary still name 2.7.1 as the first fixed release, so the version check under "How to Verify" below is the reliable test.


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Update to IDRA 2.7.1 or later; if you cannot, apply the workarounds below

⚠️ Risk & Real-World Impact

🔴 Worst Case

A Config Admin user gains full administrative control over the IDRA system, potentially compromising the PKI infrastructure it manages and enabling fraudulent certificate issuance.

🟠 Likely Case

A Config Admin user exploits the race condition to reach functions or data outside their role, leading to unauthorized configuration changes.

🟢 If Mitigated

With proper role separation and monitoring, exploitation attempts are detected and contained before significant damage occurs.

🌐 Internet-Facing: MEDIUM - Exploitation requires Config Admin credentials, but an admin interface reachable from the internet lets an attacker who has stolen or phished those credentials exploit the flaw remotely.
🏢 Internal Only: HIGH - This is primarily an insider-threat or compromised-account scenario in which an authorized Config Admin abuses legitimate access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires Config Admin credentials and precise timing to trigger the race condition. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.1

Vendor Advisory: https://support.bull.com/ols/product/security/psirt/security-bulletins/potential-privilege-escalation-in-idpki-psirt-1335-tlp-clear-version-2-10-cve-2024-39327-cve-2024-39328-cve-2024-51505/view

Restart Required: No

Instructions:

  1. Download IDRA version 2.7.1 from official Atos Eviden sources.
  2. Back up the current configuration and data.
  3. Apply the update following the vendor documentation.
  4. Verify successful installation and functionality.

🔧 Temporary Workarounds

Restrict Config Admin Access (applies to: all deployments)

Limit Config Admin roles to only essential personnel and implement strict access controls.

Implement Session Monitoring (applies to: all deployments)

Monitor Config Admin user sessions for unusual privilege escalation attempts.

🧯 If You Can't Patch

  • Implement strict least privilege principle for Config Admin roles
  • Enable detailed audit logging for all Config Admin activities and review regularly

🔍 How to Verify

Check if Vulnerable:

Check the IDRA version via the admin interface or configuration files. If the version is below 2.7.1, the system is vulnerable. Compare version components numerically, not as strings: 2.10.x is newer than 2.7.1 even though "2.10.0" sorts before "2.7.1" lexically.

Check Version:

Check IDRA web interface or configuration files for version information (specific command depends on deployment)

Verify Fix Applied:

Confirm IDRA version is 2.7.1 or higher and test Config Admin functionality for proper privilege enforcement.
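Added example (not code from the vendor or this page): the version comparison described above as a small check. It assumes you have already read the version string from the IDRA admin interface or configuration files; the fixed version 2.7.1 comes from the advisory summary. Components are compared as integers, and a pre-release suffix such as -rc1 is treated as older than the bare release.

```python
"""Added example: decide whether a reported IDRA version predates the 2.7.1 fix.
The version string is assumed to have been read from the admin UI or config
files already (how depends on the deployment); only the comparison is shown."""
import re

FIXED_VERSION = "2.7.1"  # first fixed release named in the advisory summary

# major.minor[.patch] with optional leading 'v'; anything after that is a suffix
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_version(version):
    """Return a comparable tuple for strings like '2.7.1', 'v2.10.0', '2.7.1-rc1'.

    Components are compared as integers so that 2.10.x orders after 2.7.x,
    which a plain string comparison gets wrong. Any trailing suffix (e.g.
    '-rc1', or a fourth component this parser does not understand) is treated
    conservatively as older than the bare release, so '2.7.1-rc1' < '2.7.1'.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, suffix = m.groups()
    is_release = 1 if suffix.strip(" -._") == "" else 0
    return (int(major), int(minor), int(patch or 0), is_release)


def is_vulnerable(version):
    """True if the given IDRA version is below 2.7.1 (CVE-2024-51505 unfixed)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


if __name__ == "__main__":
    for v in ["2.6.9", "2.7.0", "2.7.1", "2.7.1-rc1", "v2.10.0"]:
        print(f"{v:10} vulnerable={is_vulnerable(v)}")
```

If your build carries a four-part version or a vendor-specific suffix, the check flags it as needing attention rather than silently passing it; confirm such builds against the advisory by hand.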

📡 Detection & Monitoring

Log Indicators:

  • Multiple rapid privilege change requests from Config Admin accounts
  • Unusual timing patterns in administrative operations

Network Indicators:

  • Unusual burst of administrative API calls from single source

SIEM Query (pseudo-syntax; adapt field names to your IDRA log schema and SIEM):

source="idra" AND user_role="Config_Admin" AND event_type="privilege_change" AND count > threshold WITHIN 5s

Both the role and the event-type conditions are required; matching on either alone fires on every routine Config Admin action.
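Added example (not from the page or the vendor): the burst rule above run over constructed audit lines. IDRA's real audit log format is not documented here, so the whitespace-separated layout used below (timestamp, user, role, event type, detail) is an assumption; only parse_line needs changing for a real schema. The detector keeps a sliding 5-second window per user and raises one alert the moment a fifth privilege_change event lands inside it.

```python
"""Added example: detect bursts of privilege-change events from Config Admin
accounts, the log indicator listed above. The audit line layout is a
CONSTRUCTED assumption (IDRA's real schema is not documented on this page):
<ISO-8601 timestamp> <user> <role> <event_type> [detail...]
Lines are assumed to be in time order, as they are in an audit log."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines, not real IDRA output. alice fires 6 privilege
# changes in 2 seconds (the pattern a race-condition attempt produces); bob's
# two changes are minutes apart and should not alert.
SAMPLE_LOG = """\
2024-11-01T10:00:00Z alice Config_Admin privilege_change role=Operator
2024-11-01T10:00:00Z alice Config_Admin privilege_change role=Operator
2024-11-01T10:00:01Z alice Config_Admin privilege_change role=Operator
2024-11-01T10:00:01Z alice Config_Admin privilege_change role=Operator
2024-11-01T10:00:02Z alice Config_Admin privilege_change role=Operator
2024-11-01T10:00:02Z alice Config_Admin privilege_change role=Operator
2024-11-01T10:05:00Z bob Config_Admin privilege_change role=Auditor
2024-11-01T10:05:30Z bob Config_Admin config_update ca=Issuing-CA-1
2024-11-01T10:09:00Z bob Config_Admin privilege_change role=Auditor
2024-11-01T10:10:00Z carol Operator login
"""


def parse_line(line):
    """Split one audit line into fields; returns None for blank/malformed lines."""
    parts = line.split()
    if len(parts) < 4:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return {"ts": ts, "user": parts[1], "role": parts[2],
            "event": parts[3], "detail": " ".join(parts[4:])}


def detect_bursts(log_text, window_seconds=5, threshold=5,
                  role="Config_Admin", event="privilege_change"):
    """Sliding-window count per user of matching events.

    Emits one alert per user per burst, at the moment the count inside the
    window first reaches `threshold`. Both the role and the event type must
    match: filtering on either alone fires on routine admin activity.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # user -> timestamps still inside the window
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["role"] != role or ev["event"] != event:
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) == threshold:
            alerts.append({"user": ev["user"], "count": len(q),
                           "start": q[0], "end": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect_bursts(SAMPLE_LOG):
        print(f"ALERT {a['user']}: {a['count']} privilege_change events "
              f"between {a['start']:%H:%M:%S} and {a['end']:%H:%M:%S}")
```

Tune window_seconds and threshold to your environment: a race-condition attempt shows up as many near-identical requests within a second or two, so a short window with a low threshold catches it without firing on an administrator who makes a handful of role changes over a few minutes.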

🔗 References

  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-51505
  • Atos Eviden PSIRT-1335 bulletin (covers CVE-2024-39327, CVE-2024-39328 and CVE-2024-51505): https://support.bull.com/ols/product/security/psirt/security-bulletins/potential-privilege-escalation-in-idpki-psirt-1335-tlp-clear-version-2-10-cve-2024-39327-cve-2024-39328-cve-2024-51505/view