New Vulnerabilities Discovered in GoAhead Web Server Software
Cybersecurity experts from Cisco Talos have identified two significant vulnerabilities within the GoAhead web server software, a lightweight application commonly integrated into hundreds of millions of Internet-connected smart devices. This discovery raises serious concerns for organizations relying on these technologies.
The first vulnerability, tracked as CVE-2019-5096, is a critical code execution flaw that attackers can exploit to execute unauthorized code on affected devices. The issue lies in the handling of multipart/form-data requests within the core GoAhead web server application, impacting versions v5.0.1, v4.1.1, and v3.6.5.
Researchers detailed that an attacker could send a specially crafted HTTP request that triggers a use-after-free condition while the request is processed, corrupting heap structures. That heap corruption can in turn lead to code execution and compromise of the device.
The second vulnerability, designated CVE-2019-5097, affects the same component and can be exploited in much the same manner. However, this vulnerability primarily results in denial of service (DoS). The researchers explained that a crafted request can induce an infinite loop in the process, pushing CPU utilization to 100%. The attack can be carried out with unauthenticated GET or POST requests, making it a concerning threat.
Notably, not all devices running the vulnerable versions are susceptible to both flaws. Because the GoAhead framework is customizable, some implementations may not expose the vulnerable code. Additionally, if authentication is required for page access, the vulnerabilities cannot be exploited without prior authentication, because authentication is enforced before the upload handler runs.
Cisco Talos reported these vulnerabilities to EmbedThis, the GoAhead developer, in late August, leading to the release of security patches two weeks ago to address the issues.
Business owners should be aware of the potential impact of these vulnerabilities on their devices and networks, given the widespread deployment of GoAhead software. Exploitation would align with tactics outlined in the MITRE ATT&CK Matrix, particularly those involving initial access and denial-of-service techniques. Continuous monitoring and the deployment of updated security measures are crucial in safeguarding organizational assets from such vulnerabilities.
In the rapidly evolving landscape of cybersecurity threats, vigilance and a proactive security posture are essential for businesses to defend against potential exploits related to these newly discovered vulnerabilities.