CVE-2024-5264

5.9 MEDIUM

📋 TL;DR

CVE-2024-5264 allows an administrator with console access to Thales Luna EFT to gain access to backup files through offline analysis, bypassing the intended access controls. It affects Thales Luna EFT version 2.1 and above. Administrative console access is required to exploit it.

💻 Affected Systems

Products:
  • Thales Luna EFT
Versions: 2.1 and above
Operating Systems: All supported OS for Thales Luna EFT
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative console access to exploit. Backup functionality must be enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An administrator with malicious intent could extract sensitive backup data containing cryptographic keys, configuration files, or other protected information, potentially compromising the entire HSM ecosystem.

🟠 Likely Case

Authorized administrators could inadvertently or intentionally access backup files they should not have access to, violating security policies and potentially exposing sensitive data.

🟢 If Mitigated

With proper access controls and monitoring, the risk is limited to authorized administrators who are already trusted with high-level system access.

🌐 Internet-Facing: LOW - This vulnerability requires administrative console access and is not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - While it requires administrative access, it could be exploited by malicious insiders or compromised administrative accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative console access and knowledge of backup analysis procedures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Thales support portal for specific patch versions

Vendor Advisory: https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=50da3cd9c302c218204e2a6ce00131b9&sysparm_article=KB0028531

Restart Required: Yes

Instructions:

1. Log into Thales support portal
2. Download the latest patch for Luna EFT
3. Follow Thales patch installation procedures
4. Restart affected services

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit administrative console access to only essential personnel and implement strict access controls

Disable Unnecessary Backup Features

all

Disable backup functionality if not required for operations

🧯 If You Can't Patch

  • Implement strict access controls and monitoring for administrative console activities
  • Regularly audit backup access logs and implement separation of duties for backup management

🔍 How to Verify

Check if Vulnerable:

You are affected if you are running Thales Luna EFT version 2.1 or above with backup functionality enabled.

Check Version:

Check version through Thales Luna EFT management interface or consult system documentation

Verify Fix Applied:

Verify the patch installation through the Thales management console and confirm that the reported version has been updated.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized backup access attempts
  • Unusual backup analysis activities
  • Multiple backup extraction attempts

Network Indicators:

  • Unusual administrative console access patterns

SIEM Query:

Search for backup-related activity (backup creation, export, or retrieval) performed by administrative accounts outside normal business hours.
