
Weakness in nuclei permits skipping signature verification and executing malicious code – Source: securityaffairs.com


Wiz's engineering team has disclosed a critical vulnerability in Nuclei, an open-source vulnerability scanner developed by ProjectDiscovery. The vulnerability, tracked as CVE-2024-43405 with a severity score of 7.4, could enable attackers to bypass signature checks and execute malicious code.

The root cause lies in discrepancies in newline handling and multi-signature processing within the Nuclei scanner. These discrepancies create a loophole that allows attackers to inject harmful content into templates, bypassing the signature check and potentially executing malicious code. The advisory published on GitHub emphasized the need for immediate action; the issue affects all versions of Nuclei beyond 3.0.0 and has been patched in v3.3.2.

Nuclei is a popular vulnerability scanner in the security community, boasting over 21,000 GitHub stars and more than 2.1 million downloads. Its strength lies in its YAML-based templates, which offer flexibility in detecting vulnerabilities and misconfigurations across various protocols such as HTTP, TCP, DNS, TLS, and Code. However, experts caution against the use of the “code” protocol, as it allows the execution of external code on the host system, posing significant risks if not handled properly.

The flexibility of Nuclei templates, particularly those utilizing the “code” protocol, can be leveraged for both legitimate security assessments and malicious activities. This dual nature of the tool highlights the importance of robust validation processes and careful monitoring of template usage to prevent exploitation by malicious actors.

The vulnerability in Nuclei arises from the reliance on signature verification as the sole mechanism for ensuring template integrity. Attackers can exploit parsing conflicts between the regex-based signature validation and the YAML parser to inject unverified but executable content into templates. This vulnerability underscores the critical need for organizations to scrutinize and validate all templates used in their scanning processes to prevent potential security breaches.
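The following Go pre-load check is an added example, not code from Nuclei or the advisory: it flags templates whose line boundaries are ambiguous or that carry more than one signature comment, the two conditions the discrepancies described above depend on. The `# digest:` comment form, the function names and the sample templates are assumptions made for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumption: a signed template carries a comment of the form "# digest: <value>".
var digestLine = regexp.MustCompile(`^\s*#\s*digest:\s*\S+`)

// splitAnyNewline splits on \r\n, \n and bare \r, the widest reading of "line".
func splitAnyNewline(s string) []string {
	s = strings.ReplaceAll(s, "\r\n", "\n")
	s = strings.ReplaceAll(s, "\r", "\n")
	return strings.Split(s, "\n")
}

// LintTemplate returns findings that should block a template before it is loaded.
func LintTemplate(raw string) []string {
	var findings []string
	// A bare CR means two parsers can disagree on where lines begin and end.
	if strings.Contains(strings.ReplaceAll(raw, "\r\n", ""), "\r") {
		findings = append(findings, "ambiguous-line-terminator")
	}
	// Count signature comments under the widest line-splitting rule.
	count := 0
	for _, line := range splitAnyNewline(raw) {
		if digestLine.MatchString(line) {
			count++
		}
	}
	if count > 1 {
		findings = append(findings, "multiple-digest-lines")
	}
	return findings
}

func main() {
	// Constructed samples, not real templates.
	samples := map[string]string{
		"clean":      "id: demo\ninfo:\n  name: demo\n# digest: aa11:bb22\n",
		"two-digest": "id: demo\n# digest: aa11:bb22\n# digest: cc33:dd44\n",
		"bare-cr":    "id: demo\rinfo:\n  name: demo\n",
	}
	for name, raw := range samples {
		fmt.Printf("%-10s %v\n", name, LintTemplate(raw))
	}
}
```

A check like this belongs in the pipeline that ingests third-party templates, alongside upgrading to the patched release; it does not replace signature verification.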

Overall, the discovery of this vulnerability serves as a wake-up call for the security community to reassess its approach to using vulnerability scanners like Nuclei. By implementing strict validation processes, monitoring template usage, and staying informed about potential security threats, organizations can mitigate the risks associated with such tools and safeguard their systems against malicious attacks.

In conclusion, the vulnerability in Nuclei highlights the ongoing challenges in cybersecurity and underscores the importance of proactive measures to address potential threats. As the digital landscape continues to evolve, staying ahead of vulnerabilities and adopting best practices in security will be crucial for maintaining a secure environment for businesses and individuals alike.
