PoC Exploit Released for HTTP File Server Remote Code Execution Vulnerability

A proof-of-concept (PoC) exploit has been released for a critical remote code execution vulnerability in the HTTP File Server (HFS) software, identified as CVE-2024-39943.

This vulnerability affects HFS version 3 before 0.52.10 on Linux, UNIX, and macOS systems, allowing remote authenticated users with upload permissions to execute OS commands due to the use of execSync instead of spawnSync in the child_process Module of Node.js.

EHA

Details of the Vulnerability

The vulnerability arises because HFS uses a shell to execute the df command, which attackers can exploit to run arbitrary commands on the host system. The National Vulnerability Database (NVD) has acknowledged this issue but not yet fully analyzed it.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

The PoC exploit from Truonghuuphuc demonstrates how attackers can leverage this flaw to gain control over vulnerable systems.

By exploiting this vulnerability, attackers can execute commands to gather system information, create backdoor accounts, and potentially deploy malware. This type of exploitation can lead to significant security breaches, including data theft and system compromise.

Mitigation

Users of HFS are strongly advised to update to version 0.52.10 or later to mitigate this vulnerability. The update addresses the issue by replacing execSync with spawnSync in the child_process module, thereby preventing the execution of arbitrary commands via the shell

To deploy the updated HFS version with the necessary configuration, users can use the following command:

./hfs --config config.yaml

Administrators should ensure that their HFS installations are updated to the latest version to protect against potential attacks exploiting this vulnerability.

Patch your HTTP File Server (HFS) & Prevent Exploitation

Update HFS to Version 0.52.10 or Later:

The vulnerability is fixed in HFS version 0.52.10. Ensure you download and install this version or any later version to mitigate the issue. This update replaces the use of execSync with spawnSync in the child_process module of Node.js, which prevents the execution of arbitrary OS commands.

Disable Upload Permissions Temporarily:

If you cannot immediately update HFS, consider temporarily disabling upload permissions for all users. This will reduce the risk of exploitation until the update can be applied[4].

Implement Strong Authentication Mechanisms:

Ensure that strong authentication mechanisms are in place. Regularly review and restrict user permissions, especially upload permissions, to minimize the risk of unauthorized access.

Monitor Systems for Suspicious Activities:

Continuously monitor your systems for any suspicious activities or unauthorized command executions. Implement logging and alerting mechanisms to detect potential exploitation attempts.

Network Segmentation:

Consider implementing network segmentation to limit the potential impact of exploitation. This can help contain any breach and protect critical assets.

Regular Audits and Updates:

Audit and update all instances of HFS in your environment regularly. Keeping software up-to-date is crucial for maintaining security and protecting against newly discovered vulnerabilities.

By following these steps, you can effectively mitigate the risk posed by the CVE-2024-39943 vulnerability and secure your HTTP File Server from potential exploitation.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.