CVE-2024-54662
📋 TL;DR
CVE-2024-54662 is an incorrect access control vulnerability in the Dante SOCKS proxy server that allows authentication restrictions to be bypassed when certain socksmethod configurations are used. It affects Dante versions 1.4.0 through 1.4.3 and can allow unauthorized network access through misconfigured proxy servers.
💻 Affected Systems
- Dante SOCKS server
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could bypass authentication entirely and use vulnerable Dante instances as open proxies for anonymous network access, potentially enabling credential theft, data exfiltration, or launching attacks from compromised infrastructure.
Likely Case
Unauthorized users gain access to internal network resources through misconfigured Dante proxies, potentially accessing services that should be restricted.
If Mitigated
With proper network segmentation and authentication controls, impact is limited to specific proxy instances with vulnerable configurations.
🎯 Exploit Status
Exploitation requires knowledge of vulnerable configuration and access to the proxy service.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.4
Vendor Advisory: https://www.inet.no/dante/advisory-2024-12-16.txt
Restart Required: Yes
Instructions:
1. Download Dante 1.4.4 from https://www.inet.no/dante/
2. Compile and install following standard build procedures
3. Restart Dante service
4. Verify configuration files remain compatible
🔧 Temporary Workarounds
Remove vulnerable socksmethod configurations
Review and modify sockd.conf to avoid the problematic socksmethod configurations mentioned in the advisory
# Review sockd.conf for problematic socksmethod lines
# Remove or modify according to advisory
Network access restrictions
Implement firewall rules to restrict Dante proxy access to trusted networks only
# Example iptables rules (replace trusted_network with your trusted source range):
iptables -A INPUT -p tcp --dport 1080 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 1080 -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Dante instances from sensitive resources
- Deploy additional authentication layers (client certificates, IP whitelisting) before the proxy
🔍 How to Verify
Check if Vulnerable:
Check Dante version with 'sockd -v' and review sockd.conf for problematic socksmethod configurations
Check Version:
sockd -v
Verify Fix Applied:
Verify version is 1.4.4 or later with 'sockd -v' and test proxy authentication functionality
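The version and configuration check above as a small shell helper. This is an added example, not code from the vendor or the original page; the function names, the `Dante v1.4.2` banner format and the sample sockd.conf are constructed assumptions. Because the page does not say which socksmethod settings are problematic, the script only lists the active socksmethod lines for comparison with the advisory.

```shell
# Added example (not vendor code): triage a host for CVE-2024-54662.

# First X.Y.Z token in a version banner, e.g. the output of `sockd -v`.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Exit 0 only for the affected range stated on this page: 1.4.0 through 1.4.3.
version_affected() {
    case "$1" in 1.4.[0-3]) return 0 ;; *) return 1 ;; esac
}

# Print "lineno:setting" for each active socksmethod line, ignoring comments.
list_socksmethod() {
    awk '{ line = $0; sub(/#.*/, "", line); gsub(/^[ \t]+|[ \t]+$/, "", line) }
         line ~ /socksmethod[ \t]*:/ { print NR ":" line }' "$1"
}

# $1 = banner, $2 = sockd.conf path. Returns 0 = not affected, 1 = affected, 2 = unknown.
triage() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then echo "cannot determine Dante version; check manually"; return 2; fi
    if version_affected "$ver"; then
        echo "Dante $ver is affected: upgrade to 1.4.4 and compare with the advisory:"
        list_socksmethod "$2"
        return 1
    fi
    echo "Dante $ver is outside 1.4.0-1.4.3"
}

# Constructed sample sockd.conf (assumed layout, not taken from a real host).
sample_conf() {
    f=$(mktemp) && cat > "$f" <<'EOF'
# constructed sample
internal: eth0 port = 1080
external: eth1
#socksmethod: none
socksmethod: username   # global default
socks pass {
    from: 10.0.0.0/8 to: 0.0.0.0/0
    socksmethod: username
}
EOF
    echo "$f"
}

# Demo on constructed input; on a real host: triage "$(sockd -v 2>&1)" /path/to/sockd.conf
conf=$(sample_conf); triage 'Dante v1.4.2' "$conf" || true; rm -f "$conf"
```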
📡 Detection & Monitoring
Log Indicators:
- Unauthorized connection attempts to Dante proxy
- Authentication bypass events in Dante logs
- Unexpected proxy usage patterns
Network Indicators:
- Unusual SOCKS traffic from unexpected sources
- Proxy connections bypassing expected authentication
SIEM Query:
source="dante.log" AND ("authentication failed" OR "connection from" NOT IN expected_ips)