CVE-2024-6360
📋 TL;DR
This vulnerability allows attackers to abuse incorrect permissions on Vertica agent API keys, potentially gaining unauthorized access or elevated privileges. It affects all Vertica versions from 10.0 through 24.X. The high CVSS score of 9.8 indicates critical severity with low attack complexity.
💻 Affected Systems
- OpenText Vertica
📦 What is this software?
Vertica by Microfocus
Vertica by Opentext
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of Vertica database with administrative privileges, data exfiltration, and potential lateral movement to connected systems.
Likely Case
Unauthorized access to sensitive database information, privilege escalation within Vertica environment, and potential data manipulation.
If Mitigated
Limited impact if proper network segmentation and access controls prevent exploitation attempts.
🎯 Exploit Status
Exploitation requires some level of access but is technically straightforward once initial access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://portal.microfocus.com/s/article/KM000033373?language=en_US
Restart Required: Yes
Instructions:
1. Review vendor advisory for specific patched versions
2. Apply the appropriate patch for your Vertica version
3. Restart Vertica services
4. Verify patch application
🔧 Temporary Workarounds
Restrict API Key Access
Manually review and restrict permissions on Vertica agent API keys to the minimum required access
Review and modify API key permissions through Vertica administration tools
Network Segmentation
Isolate Vertica instances from untrusted networks and implement strict firewall rules
Configure firewall to restrict access to Vertica ports (default 5433, 5444)
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach Vertica instances
- Monitor for suspicious API key usage and implement additional authentication layers
🔍 How to Verify
Check if Vulnerable:
Check Vertica version against affected ranges: 10.0-10.X, 11.0-11.X, 12.0-12.X, 23.0-23.X, 24.0-24.X
Check Version:
SELECT version();
Verify Fix Applied:
Verify that the Vertica version is updated beyond the affected ranges and that API key permissions are properly restricted
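As an added helper for the version check above (not part of the original page or of Vertica itself): a Python script that parses the string returned by SELECT version(), tests it against the affected major lines listed here, and, once the fixed builds from the vendor advisory are filled in, reports whether the running build is at or above the fix. It assumes the version string has the form "Vertica Analytic Database vMAJOR.MINOR.PATCH-BUILD"; the PATCHED_VERSIONS table is a placeholder to be completed from the advisory.

```python
import re

# Major lines the page lists as affected: 10.x, 11.x, 12.x, 23.x, 24.x.
AFFECTED_MAJORS = {10, 11, 12, 23, 24}

# First fixed build per major line as (major, minor, patch, build).
# PLACEHOLDER: empty on purpose; fill it in from the vendor advisory
# (https://portal.microfocus.com/s/article/KM000033373?language=en_US).
PATCHED_VERSIONS = {
    # 12: (12, 0, 4, 0),   # shape of an entry only, not a real fix version
}

# Assumed shape of SELECT version() output:
#   Vertica Analytic Database v12.0.4-0
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(version_string):
    """Return (major, minor, patch, build) parsed from SELECT version() output."""
    match = VERSION_RE.search(version_string)
    if match is None:
        raise ValueError(f"unrecognised Vertica version string: {version_string!r}")
    return tuple(int(part) if part is not None else 0 for part in match.groups())


def assess(version_string, patched=PATCHED_VERSIONS):
    """Classify a running Vertica build against the CVE-2024-6360 affected ranges.

    Returns one of:
      'not_affected' - major line outside 10.x-24.x
      'patched'      - at or above the fixed build recorded for that line
      'affected'     - below the fixed build recorded for that line
      'unknown'      - affected line, but no fixed build recorded for it yet
    """
    version = parse_version(version_string)
    major = version[0]
    if major not in AFFECTED_MAJORS:
        return "not_affected"
    fixed = patched.get(major)
    if fixed is None:
        return "unknown"
    return "patched" if version >= fixed else "affected"


if __name__ == "__main__":
    # Constructed sample strings, not output from a real deployment.
    for sample in ("Vertica Analytic Database v9.3.1-0",
                   "Vertica Analytic Database v12.0.4-0",
                   "Vertica Analytic Database v24.1.0-0"):
        print(sample, "->", assess(sample))
```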
📡 Detection & Monitoring
Log Indicators:
- Unauthorized API key usage
- Unexpected privilege escalation attempts
- Suspicious agent connections
Network Indicators:
- Unusual traffic patterns to Vertica agent ports
- Connection attempts from unauthorized sources
SIEM Query:
Search for Vertica API key authentication failures or unexpected privilege changes