Threat Alert: PHP Security Vulnerability (CVE-2024-4577)
PHP Security Vulnerability with Potential to Enable Remote Code Execution.
Information was released over the weekend regarding a serious security vulnerability in PHP that could potentially be used to carry out Remote Code Execution (RCE) under specific conditions.
The vulnerability, known as CVE-2024-4577, is described as a CGI argument injection flaw that affects all versions of PHP installed on the Windows operating system. According to DEVCORE security researchers, this vulnerability allows attackers to bypass protections put in place for another security flaw, CVE-2012-1823.
If successfully exploited, this vulnerability would enable an unauthenticated remote attacker to execute arbitrary commands on the underlying operating system. This could significantly impact the confidentiality, integrity, and availability of the system.
Security researchers have confirmed instances of exploitation on Windows platforms operating in the traditional Chinese (cp950), Simplified Chinese (cp936), and Japanese (cp932) locales. However, for Windows systems operating in other locales such as English, Korean, and Western European, the wide range of PHP usage scenarios makes it currently difficult to completely identify and eliminate all potential exploitation scenarios.
What Quadrant is doing for our clients:
The Quadrant SOC identified scanning for this vulnerability in our Honeypot network and Greynoise also identified scanning from known malicious IP addresses. We have added the scanning IP addresses to our BlueDot Threat Intelligence system to identify scanning activity in our customer networks and we are closely monitoring the situation.
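The detection step described above, matching the source addresses in web access logs against a list of IPs known to be scanning for this vulnerability, can be reproduced by any SOC with its own threat-intel feed. The following is an added example, not code from Quadrant or its BlueDot system: the IoC entries (RFC 5737 documentation addresses), the Common Log Format lines and every function name are constructed for illustration. It goes slightly beyond the alert's wording by accepting CIDR ranges as well as single hosts, since intel feeds commonly deliver both.

```python
"""Match web-server access-log source addresses against a threat-intel list.

Added illustration of the check described in the alert: addresses observed
scanning for CVE-2024-4577 are matched against customer access logs so that
scanning activity can be flagged for the SOC. The IoC list, the log lines
and the helper names are all constructed for this example.
"""
import ipaddress
import re
from collections import Counter

# Constructed threat-intel entries (documentation addresses, not real
# scanner IPs). Single hosts and CIDR ranges are both accepted.
SCANNER_IOCS = [
    "192.0.2.10",
    "198.51.100.0/24",
]

# Constructed Common Log Format lines standing in for a customer's web logs;
# the last line is deliberately malformed to show that parsing is tolerant.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jun/2024:08:01:12 +0000] "GET /index.php HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2024:08:02:40 +0000] "GET /about.html HTTP/1.1" 200 1024
198.51.100.77 - - [10/Jun/2024:08:03:03 +0000] "POST /cgi-bin/php-cgi.exe HTTP/1.1" 404 0
192.0.2.10 - - [10/Jun/2024:08:03:59 +0000] "GET /test.php HTTP/1.1" 404 0
not a log line
"""

# Common Log Format: client ip, ident, user, [timestamp], "request", status, bytes
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)


def compile_iocs(entries):
    """Turn IoC strings into ip_network objects; a bare host becomes a /32."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_known_scanner(ip_text, networks):
    """True if the address falls inside any network on the intel list."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable source field: treat as no match
    return any(addr in net for net in networks)


def find_scanner_hits(log_text, ioc_entries):
    """Return one record per request whose source matches the IoC list."""
    networks = compile_iocs(ioc_entries)
    hits = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # malformed lines are skipped rather than aborting the run
        if is_known_scanner(m["ip"], networks):
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "method": m["method"],
                "path": m["path"],
                "status": int(m["status"]),
            })
    return hits


def summarize(hits):
    """Count matching requests per source address for the analyst's queue."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = find_scanner_hits(SAMPLE_LOG, SCANNER_IOCS)
    for h in found:
        print(f'{h["ip"]} {h["ts"]} {h["method"]} {h["path"]} -> {h["status"]}')
    print(dict(summarize(found)))
```

Run against the constructed sample, this flags the three requests from the two listed sources and leaves the unlisted 203.0.113.5 request alone. In practice the IoC list would be refreshed from the intel feed on a schedule, and a hit on an address in the list is a reason to look at what that source requested, not proof that exploitation succeeded.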