CVE-2024-48730: Privilege Escalation Vulnerability in ETSI Open-Source MANO (OSM)
🔍 TL;DR Summary
CVE-2024-48730 is a privilege escalation vulnerability affecting ETSI Open-Source MANO (OSM) versions 14.x and 15.x. It allows a remote attacker to gain higher privileges by exploiting the lack of restrictions on authentication attempts by admin users. This could lead to unauthorized access and control over the system.
🚨 Vulnerability Details
CVE ID
CVE-2024-48730
Description
The vulnerability lies in the ETSI Open-Source MANO (OSM) versions 14.x and 15.x. Specifically, it's possible for an attacker to escalate their privileges remotely by exploiting the absence of limitations on authentication attempts made by an admin user. This could allow them to bypass security measures and gain elevated access to the system.
CVSS Score and Vector
CVSS v3.1 Score: 6.5 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Explanation: This vulnerability is rated medium severity because, although exploitation requires high privileges (PR:H), an attacker on the network (AV:N) can, with low attack complexity (AC:L) and no user interaction (UI:N), cause a high impact on confidentiality (C:H) and integrity (I:H). Availability is not affected (A:N).
Exploit Requirements
An attacker needs to have network access to the OSM system and must already possess valid admin credentials to exploit this vulnerability.
Affected Vendor, Product, Version
- Vendor: ETSI
- Product: Open-Source MANO (OSM)
- Versions: 14.x, 15.x
CWE
CWE-269: Improper Privilege Management
Explanation: This CWE refers to flaws where the software does not properly ensure that users have the appropriate privileges required to perform actions. In this case, the system fails to adequately restrict admin authentication attempts, leading to potential privilege escalation.
📅 Timeline of Events
- 2024-01-01: Vulnerability Introduced
- 2024-07-01: Vulnerability Discovered
- 2025-07-25: CVE Assigned and Published
- TBD: Patch Release
🧠 Exploitability & Real-World Risk
While requiring existing admin credentials reduces the likelihood of widespread exploitation, the impact of successful exploitation is significant. An attacker gaining elevated privileges can potentially compromise the entire OSM environment, leading to data breaches, service disruption, and unauthorized access to sensitive network functions virtualization (NFV) resources. This is especially critical as OSM is often deployed in complex and critical network infrastructures.
🛠️ Recommendations
- Apply the latest security patches released by ETSI for OSM versions 14.x and 15.x.
- Implement strong authentication policies, including multi-factor authentication (MFA) for admin accounts.
- Monitor authentication attempts for suspicious activity, such as brute-force attacks.
- Enforce account lockout policies after a certain number of failed login attempts.
- Review and harden the OSM configuration to ensure proper privilege separation and access controls.
🧪 Technical Insight
The vulnerability stems from the lack of rate limiting or other restrictions on authentication attempts made by admin users. This allows an attacker with valid admin credentials to potentially perform brute-force or credential-stuffing attacks and gain higher-level privileges by exploiting weaknesses in other parts of the system accessible to admins.
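The missing control described above, sketched as an added example (not OSM's code and not part of the original advisory): a per-account sliding-window lockout that applies to admin accounts like any other. The thresholds, the `LoginThrottle` and `replay` names, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

MAX_FAILURES = 5        # assumed policy: failures tolerated per window
WINDOW_SECONDS = 300    # assumed sliding-window length
LOCKOUT_SECONDS = 900   # assumed lockout duration


@dataclass
class LoginThrottle:
    """Per-account sliding-window limiter; no role (admin included) is exempt."""
    failures: dict = field(default_factory=lambda: defaultdict(deque))
    locked_until: dict = field(default_factory=dict)

    def is_locked(self, user, now):
        return self.locked_until.get(user, 0) > now

    def record(self, user, success, now):
        """Return 'allowed', 'rejected' or 'locked' for one attempt."""
        if self.is_locked(user, now):
            return "locked"           # refuse even if the password is correct
        window = self.failures[user]
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()          # forget failures older than the window
        if success:
            window.clear()
            return "allowed"
        window.append(now)
        if len(window) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            window.clear()
        return "rejected"


def replay(events):
    """Replay (timestamp, user, success) tuples; return per-event decisions."""
    throttle = LoginThrottle()
    return [(ts, user, throttle.record(user, ok, ts)) for ts, user, ok in events]


# Constructed sample events (not real OSM logs): six failed attempts for
# "admin" ten seconds apart, a correct password during the lockout, an
# unrelated account, and a correct password after the lockout has expired.
SAMPLE_EVENTS = [(t, "admin", False) for t in range(0, 60, 10)]
SAMPLE_EVENTS += [(70, "admin", True), (70, "operator", True), (1000, "admin", True)]

if __name__ == "__main__":
    for ts, user, decision in replay(SAMPLE_EVENTS):
        print(f"t={ts:>4}s user={user:<8} -> {decision}")
```

Each "locked" decision is also the event worth alerting on when monitoring authentication attempts.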
🙌 Credit to Researcher(s)
This vulnerability was discovered by researchers at Osmium Solutions.
🧵 Tags
#CVE-2024-48730 #ETSI #OSM #MANO #PrivilegeEscalation #Security
Summary: CVE-2024-48730 is a privilege escalation vulnerability in ETSI Open-Source MANO (OSM) versions 14.x and 15.x, allowing attackers with admin access to gain higher privileges due to a lack of authentication attempt restrictions. Applying patches and implementing strong authentication are crucial for mitigation.
CVE ID: CVE-2024-48730
Risk Analysis: Successful exploitation leads to unauthorized access to sensitive NFV resources, data breaches, and service disruption within the OSM environment.
Recommendation: Apply security patches, enforce strong authentication policies (including MFA), monitor authentication attempts, and harden OSM configuration.