CVE-2024-6396

9.8 CRITICAL

📋 TL;DR

This vulnerability in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the server and exfiltrate arbitrary data by manipulating the `run_hash` and `repo.path` parameters. It affects any system running the vulnerable version of aim, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • aimhubio/aim
Versions: 3.19.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Any deployment using the vulnerable version is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data exfiltration, and permanent denial of service by overwriting critical system files.

🟠 Likely Case: Data theft and service disruption through file overwrites, potentially leading to privilege escalation.

🟢 If Mitigated: Limited impact if proper network segmentation and file permissions are in place, but still a significant risk.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is publicly documented with a proof-of-concept available, making exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.19.4 or later

Vendor Advisory: https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0

Restart Required: Yes

Instructions:

1. Stop the aim service.
2. Update aim to version 3.19.4 or later using pip: `pip install "aim>=3.19.4"` (quote the specifier so the shell does not treat `>` as an output redirect).
3. Restart the aim service.

🔧 Temporary Workarounds

Disable backup functionality (platforms: all)

Temporarily disable the vulnerable `_backup_run` function if patching is not immediately possible: modify the aim configuration to disable backup features or block access to the backup endpoints.

Network isolation (platforms: all)

Restrict network access to aim instances to trusted networks only: configure firewall rules to limit inbound connections to the aim service.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate aim instances from critical systems
  • Apply strict file system permissions to limit the impact of file overwrites

🔍 How to Verify

Check if Vulnerable:

Check the aim version with `aim --version` or `pip show aim` and verify whether the installed version is 3.19.3.

Check Version:

aim --version

Verify Fix Applied:

Verify that the aim version is 3.19.4 or later: `aim --version` should show 3.19.4 or higher.
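A small version check that a practitioner can drop into a fleet-audit script, added here as an example and not code from the aim project or the advisory. It parses the `Version:` line of `pip show aim` output and compares numerically, which avoids the string-comparison pitfall where "3.19.10" sorts before "3.19.4"; a pre-release suffix such as "rc1" is treated as older than the final release. The `pip show` text is a constructed sample, not captured output.

```python
import re

# Fix version stated in the advisory: 3.19.4 or later carries the fix.
FIXED_VERSION = (3, 19, 4)


def parse_version(text):
    """Split a version string like '3.19.3' or '3.19.4rc1' into
    (numeric tuple, is_prerelease). Numeric tuples compare correctly
    component by component; plain string comparison would not."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)(.*)$", text.strip())
    if not m:
        raise ValueError(f"no version number in {text!r}")
    numbers = tuple(int(p) for p in m.group(1).split("."))
    is_prerelease = m.group(2).strip() != ""
    return numbers, is_prerelease


def fix_applied(version_text):
    """True when the installed version is 3.19.4 or later (a 3.19.4
    pre-release is not counted as fixed)."""
    numbers, is_prerelease = parse_version(version_text)
    if numbers > FIXED_VERSION:
        return True
    return numbers == FIXED_VERSION and not is_prerelease


def version_from_pip_show(output):
    """Extract the version from `pip show aim` style output."""
    for line in output.splitlines():
        if line.lower().startswith("version:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("no 'Version:' line found in pip show output")


# Constructed sample of `pip show aim` output (not real captured output).
PIP_SHOW_SAMPLE = """Name: aim
Version: 3.19.3
Summary: constructed sample
"""

if __name__ == "__main__":
    installed = version_from_pip_show(PIP_SHOW_SAMPLE)
    print(installed, "fixed" if fix_applied(installed) else "NOT fixed")
```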

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations in aim logs
  • Access to backup endpoints with suspicious parameters

Network Indicators:

  • Unexpected outbound data transfers from aim servers
  • Requests to backup endpoints with unusual paths

SIEM Query:

source="aim" AND (event="backup" OR event="file_write") AND (path CONTAINS "/etc/" OR path CONTAINS "/root/")
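The same detection logic as the SIEM query above, run over a handful of log lines in Python, added as an example that is not code from the aim project or the advisory. The log lines are constructed and use the field names the query assumes (`source`, `event`, `path`); they are not aim's real log format, and the repository root `/var/aim/repo` is an assumption. Beyond the query's substring match on `/etc/` and `/root/`, it also flags paths that escape the expected repository root once `..` segments are normalised, which is the "unusual paths" indicator listed above.

```python
import json
import posixpath

# Constructed sample log lines (not real aim output). Field names mirror the
# SIEM query: source, event, path.
SAMPLE_LOGS = [
    '{"source": "aim", "event": "backup", "path": "/var/aim/repo/.aim/backup/abc123"}',
    '{"source": "aim", "event": "file_write", "path": "/etc/cron.d/job"}',
    '{"source": "aim", "event": "backup", "path": "/var/aim/repo/../../root/.ssh/authorized_keys"}',
    '{"source": "nginx", "event": "file_write", "path": "/root/x"}',
    "not a json log line",
]

SENSITIVE_PREFIXES = ("/etc/", "/root/")   # from the SIEM query
WATCHED_EVENTS = {"backup", "file_write"}  # from the SIEM query
EXPECTED_ROOT = "/var/aim/repo"            # assumed repository root


def escapes_root(path, root=EXPECTED_ROOT):
    """True when the normalised path is not inside the expected repo root."""
    norm = posixpath.normpath(path)
    return not (norm == root or norm.startswith(root + "/"))


def classify(line):
    """Return a list of reasons a line is suspicious, or None if it is not.
    Lines that are not JSON, not from aim, or not backup/file_write events
    are ignored rather than raising."""
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    if not isinstance(rec, dict):
        return None
    if rec.get("source") != "aim" or rec.get("event") not in WATCHED_EVENTS:
        return None
    path = str(rec.get("path", ""))
    reasons = []
    if any(prefix in path for prefix in SENSITIVE_PREFIXES):
        reasons.append("sensitive-path")
    if ".." in path.split("/") or escapes_root(path):
        reasons.append("escapes-repo-root")
    return reasons or None


def scan(lines):
    """Return (line index, reasons) for every suspicious line."""
    hits = []
    for i, line in enumerate(lines):
        reasons = classify(line)
        if reasons:
            hits.append((i, reasons))
    return hits


if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_LOGS):
        print(f"line {index}: {', '.join(reasons)}")
```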
