CVE-2024-28892
Linux openSUSE vulnerability analysis and mitigation

Overview

An OS command injection vulnerability (CVE-2024-28892) was discovered in GoCast version 1.1.3. The vulnerability exists in the name parameter and was disclosed on November 21, 2024. The affected software, GoCast, is a tool that provides BGP routing for advertisements from a host using GoBGP, commonly used for anycast-based load balancing for infrastructure service instances (Talos Report).

Technical details

The vulnerability occurs when the name of an app is used to build the label of a new loopback interface. The injection point is the addLoopback function in system.go; the injected string is limited to 12 characters because of the Linux kernel's limit on network interface label length. The vulnerability has been assigned a CVSSv3 score of 9.8 (CRITICAL) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high impact on confidentiality, integrity, and availability (Talos Report).

Impact

Successful exploitation of this vulnerability leads to arbitrary command execution on the affected system. The vulnerability is particularly severe because it can be triggered through an unauthenticated HTTP request, potentially allowing remote attackers to execute commands on the target system without any prior access (Talos Report).

Mitigation and workarounds

Users are advised to implement several mitigation strategies:

1) Disable the HTTP API, or place authentication in front of it through a proxy if the API cannot be disabled.
2) Disable Consul integration if possible.
3) Verify that the file permissions on the configuration file prevent users other than root and the GoCast user from modifying it.

For developers, it is recommended to implement proper input sanitization by surrounding the label argument with single quotes and removing all single quotes from the label string before inserting it into the command (Talos Report).
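The following Go program is an added illustration of the defect class described in the Technical details section and of the developer-side fix recommended above; it is not GoCast's code and does not reproduce the actual command GoCast runs. It assumes a hypothetical label of the form lo:<name> (which is why 12 characters remain of the kernel's 15-byte label limit) and a constructed TEST-NET address. It shows the unsafe pattern in the abstract (untrusted name spliced into a command line destined for a shell), the advisory's minimal fix (strip single quotes, then wrap the label in single quotes), and a stricter alternative that allowlists the characters a label may contain and passes arguments directly to ip(8) with exec.Command, so no shell ever parses the name.

```go
package main

import (
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// maxLabelLen mirrors the 12-character limit the advisory describes: Linux
// interface labels are capped at IFNAMSIZ-1 = 15 bytes, and the "lo:" prefix
// assumed in this example leaves 12 bytes for the application name.
const maxLabelLen = 12

// unsafeShellLine shows the vulnerable pattern in the abstract: the untrusted
// name is spliced into a command line that is later handed to a shell, so any
// shell metacharacters in it change the command's meaning. Illustration only;
// GoCast's real command differs and is not reproduced here. Never run via sh -c.
func unsafeShellLine(name string) string {
	return "ip addr add 192.0.2.10/32 dev lo label lo:" + name
}

// shellQuote implements the advisory's minimal fix: drop every single quote
// from the label and wrap the result in single quotes, so a POSIX shell treats
// the whole label as one literal word.
func shellQuote(label string) string {
	return "'" + strings.ReplaceAll(label, "'", "") + "'"
}

// labelRe is a stricter allowlist: only characters that make sense in an
// interface label, and no shell syntax or whitespace at all.
var labelRe = regexp.MustCompile(fmt.Sprintf(`^[A-Za-z0-9_.-]{1,%d}$`, maxLabelLen))

// validateLabel rejects names that would not survive the kernel's length limit
// or that contain anything outside the allowlist.
func validateLabel(name string) error {
	if len(name) == 0 || len(name) > maxLabelLen {
		return fmt.Errorf("label %q must be 1..%d bytes", name, maxLabelLen)
	}
	if !labelRe.MatchString(name) {
		return fmt.Errorf("label %q contains disallowed characters", name)
	}
	return nil
}

// loopbackArgs builds the argv for exec.Command. Because no shell is involved,
// each element reaches ip(8) as a single argument regardless of its content;
// validation is still applied so the label is also a valid interface label.
func loopbackArgs(addr, name string) ([]string, error) {
	if err := validateLabel(name); err != nil {
		return nil, err
	}
	return []string{"ip", "addr", "add", addr, "dev", "lo", "label", "lo:" + name}, nil
}

// addLoopback runs the validated command without a shell (needs CAP_NET_ADMIN).
func addLoopback(addr, name string) error {
	args, err := loopbackArgs(addr, name)
	if err != nil {
		return err
	}
	out, err := exec.Command(args[0], args[1:]...).CombinedOutput()
	if err != nil {
		return fmt.Errorf("ip failed: %v: %s", err, out)
	}
	return nil
}

func main() {
	// Constructed sample names: a clean one, one with a quote, one with
	// shell syntax, and one that is too long for the kernel limit.
	for _, n := range []string{"web", "web'x", "a;b", "abcdefghijklm"} {
		fmt.Printf("%-16q unsafe=%q quoted=%q validate=%v\n",
			n, unsafeShellLine(n), shellQuote(n), validateLabel(n))
	}
}
```

The single-quote approach only helps if the command string is still handed to a shell; switching to an argument vector removes the shell from the path entirely, and the allowlist additionally prevents the kernel from rejecting odd labels at runtime.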

Community reactions

The vulnerability was discovered by Matt Street and Edwin Molenaar of Cisco Meraki and was publicly disclosed after a coordinated vulnerability disclosure process that began in April 2024. The vendor was contacted multiple times throughout 2024, with a patch reported as upcoming in May 2024 (Talos Report, Talos Blog).

This report was generated using AI.
