Cyber Security News

Critical AI Security Flaws Let Attackers Bypass Detection & Execute Remote Code

Artificial Intelligence (AI) has become one of the fastest-growing technologies of this decade, driving advances across multiple industries.

In several cases, threat actors have exploited AI systems to retrieve sensitive information later used in other attack vectors.

However, a technology growing this fast must be guarded against vulnerabilities that arise during development or at run time.

A bug bounty program created to protect AI systems has detected several vulnerabilities using custom-developed and open-source tools.


Critical AI Security Flaws

According to the reports shared with Cyber Security News, more than 9 vulnerabilities were detected this month. The most critical ones were a validation bypass, an arbitrary file overwrite via a malicious source URL, and a local file inclusion.

The CVEs for these vulnerabilities were assigned as CVE-2024-0520 (10.0 – Critical), CVE-2023-6976 (8.8 – High), and CVE-2023-6977 (10.0 – Critical).

CVE-2024-0520 – MLflow Arbitrary File Overwrite

This vulnerability exists in MLflow, a tool for storing and tracking models. An attacker can perform an arbitrary file overwrite through the code used to pull down remote data storage: users can be manipulated into using a malicious remote data source, which can in turn execute commands in the user's context.

CVE-2023-6976 – MLflow Arbitrary File Overwrite

One of the MLflow functions that validates file path safety had a bypass vulnerability that would allow a threat actor to remotely overwrite files on the MLflow server, resulting in remote code execution. A threat actor could also overwrite the SSH keys on the system or edit the .bashrc file so that arbitrary commands run the next time a user logs in.

CVE-2023-6977 – MLflow Local File Include

On certain operating systems, a hosted MLflow instance can be manipulated into displaying sensitive file contents because of a file path safety bypass. This can also potentially lead to system takeover if SSH keys or cloud keys are stored on the server in locations that MLflow has permission to read.
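Both path-safety issues above (CVE-2023-6976 and CVE-2023-6977) come down to an artifact-path check that can be steered to a location outside the artifact root. The following is an added example written for this article; it is not MLflow's own code and not taken from the report. It contrasts a weak string-based check with a containment check that resolves the real path, and the names ARTIFACT_ROOT, naive_is_safe, resolve_artifact_path, is_safe_artifact_path and demo_symlink_escape are assumptions of the example.

```python
import os
import posixpath
import tempfile

# Constructed sample artifact root for the example (hypothetical layout, not MLflow's).
ARTIFACT_ROOT = os.path.join(tempfile.gettempdir(), "artifact-root-example")


def naive_is_safe(relative_path: str) -> bool:
    """Weak check: only looks for a literal '..' component.

    It rejects the obvious 'a/../../x' form but says nothing about absolute
    paths, backslash separators, or symlinks, so it is not a containment test.
    """
    return ".." not in relative_path.split("/")


def resolve_artifact_path(base_dir: str, relative_path: str) -> str:
    """Hardened join: returns a filesystem path only if it stays inside base_dir.

    Raises ValueError otherwise. Rules applied, in order:
      1. reject empty input and NUL bytes;
      2. treat backslashes as separators so 'a\\..\\b' cannot hide traversal on Windows hosts;
      3. reject absolute paths and drive letters (os.path.join would discard base_dir for them);
      4. resolve symlinks with realpath and require the result to be under base_dir.
    """
    if not relative_path or "\x00" in relative_path:
        raise ValueError("empty path or NUL byte")
    normalized = relative_path.replace("\\", "/")
    if posixpath.isabs(normalized) or (len(normalized) > 1 and normalized[1] == ":"):
        raise ValueError("absolute paths are not allowed")
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, *normalized.split("/")))
    # commonpath is the robust containment test; a plain string-prefix check
    # would accept '/srv/artifacts-evil' as being inside '/srv/artifacts'.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes artifact root: {relative_path!r}")
    return candidate


def is_safe_artifact_path(base_dir: str, relative_path: str) -> bool:
    """Boolean wrapper around resolve_artifact_path for logging or tests."""
    try:
        resolve_artifact_path(base_dir, relative_path)
        return True
    except ValueError:
        return False


def demo_symlink_escape() -> bool:
    """Show that realpath-based containment also catches a symlink inside the
    root that points outside it (a purely lexical normalize would miss this).
    Returns True when the hardened check rejects the symlinked path."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as outside:
        secret = os.path.join(outside, "id_rsa")
        with open(secret, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.symlink(outside, os.path.join(root, "link"))
        return not is_safe_artifact_path(root, "link/id_rsa")


if __name__ == "__main__":
    # Constructed sample requests, as an artifact API might receive them.
    samples = ["run1/model.pkl", "run1/../../secret", "/etc/passwd", "..\\..\\secret"]
    for sample in samples:
        print(f"{sample!r:22} naive={naive_is_safe(sample)!s:5} "
              f"hardened={is_safe_artifact_path(ARTIFACT_ROOT, sample)}")
    print("symlink escape rejected:", demo_symlink_escape())
```

The point of the comparison is that a check which only searches the string for ".." still lets an absolute path through, and no lexical check at all can see a symlink; resolving both the root and the candidate with realpath and comparing with commonpath is what actually enforces that a read or write lands under the artifact root.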

A complete report has been published, which provides detailed information about these vulnerabilities, potential exploitation, impact, and other information. 

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
