CVE-2024-21643: Remote code execution vulnerability in Microsoft.IdentityModel.Protocols.SignedHttpRequest, affecting Azure Active Directory IdentityModel extensions for .NET.
This CVE involves a remote code execution vulnerability in Microsoft.IdentityModel.Protocols.SignedHttpRequest, impacting systems using Azure Active Directory IdentityModel extensions for .NET. The CVE was assigned by GitHub (CNA identifier GitHub_M) and carries a high severity score of 7.1.
Understanding CVE-2024-21643
This vulnerability is classified as CWE-94, improper control of generation of code (code injection), in the SignedHttpRequest protocol. Attackers can exploit it remotely, with a high impact on confidentiality and integrity.
What is CVE-2024-21643?
The vulnerability lies in the SignedHttpRequest protocol trusting the jku claim by default, potentially enabling malicious HTTP GET requests to the URL that claim names. Any entity using the SignedHttpRequest protocol or SignedHttpRequestValidator is at risk.
The Impact of CVE-2024-21643
With a base severity rating of "HIGH" and key impacts on confidentiality and integrity, this vulnerability poses a significant threat to systems using Microsoft.IdentityModel.Protocols.SignedHttpRequest. Immediate action is necessary to prevent exploitation.
Technical Details of CVE-2024-21643
This section provides crucial technical insights into the vulnerability, its affected systems, and the exploitation mechanism.
Vulnerability Description
The vulnerability in Microsoft.IdentityModel.Protocols.SignedHttpRequest allows for code injection, enabling remote code execution. It affects systems using the SignedHttpRequest protocol and SignedHttpRequestValidator.
Affected Systems and Versions
Microsoft.IdentityModel.Protocols.SignedHttpRequest versions < 6.34.0
Microsoft.IdentityModel.Protocols.SignedHttpRequest versions >= 7.0.0-preview and < 7.1.2
Exploitation Mechanism
Attackers can exploit this vulnerability by manipulating the jku claim in the SignedHttpRequest protocol to execute malicious code remotely or locally. This could lead to unauthorized access and data breaches.
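The defensive counterpart to the jku problem described above is to never let a validator fetch a proof-of-possession key from a URL the deployer did not approve. The following Python is an added example written for this page; it is not code from the Microsoft.IdentityModel library and does not use its API. It assumes the jku reference is carried in the access token's cnf claim (as RFC 7800 defines for PoP keys), that the allowlist ALLOWED_JKU_HOSTS is a constructed deployment setting, and that the check runs on an access token whose issuer signature has already been verified. The helper make_unsigned_token only builds constructed sample tokens with a placeholder signature segment.

```python
import base64
import json
from urllib.parse import urlsplit

# Constructed allowlist of hosts a validator may fetch PoP keys from (assumption for this example).
ALLOWED_JKU_HOSTS = {"login.example.test"}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_unsigned_token(payload: dict) -> str:
    """Build a constructed JWT-shaped token with a placeholder signature segment.
    Real access tokens are signed by the issuer; this helper only produces
    sample input for the check below."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    return f"{header}.{body}.placeholder-signature"


def decode_payload_unverified(token: str) -> dict:
    """Split a compact JWT and decode its payload without checking the signature.
    In a real validator, call this only on a token whose issuer signature has
    already been verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def check_pop_key_reference(payload: dict, allowed_hosts=ALLOWED_JKU_HOSTS):
    """Decide whether the token's cnf claim may be used to locate the PoP key.

    Returns (verdict, reason). An inline jwk is accepted as-is; a jku URL is
    accepted only when it is https and its host is on the allowlist, so the
    validator never issues a GET to a host the deployer did not name.
    """
    cnf = payload.get("cnf")
    if not isinstance(cnf, dict):
        return "reject", "missing cnf claim"
    if "jwk" in cnf:
        return "accept", "inline jwk"
    jku = cnf.get("jku")
    if not isinstance(jku, str):
        return "reject", "no usable key reference in cnf"
    url = urlsplit(jku)
    if url.scheme != "https":
        return "reject", f"jku scheme {url.scheme!r} is not https"
    # urlsplit().hostname strips userinfo and port and lower-cases the host, so
    # "https://login.example.test@other.example.test/" resolves to other.example.test.
    if url.hostname not in allowed_hosts:
        return "reject", f"jku host {url.hostname!r} is not allowlisted"
    return "accept", "jku host allowlisted"


def validate_token(token: str, allowed_hosts=ALLOWED_JKU_HOSTS):
    """Decode a token and apply the cnf key-reference policy; returns (verdict, reason)."""
    return check_pop_key_reference(decode_payload_unverified(token), allowed_hosts)


if __name__ == "__main__":
    # Constructed sample payloads exercising each branch of the check.
    samples = {
        "allowlisted jku": {"sub": "user1", "cnf": {"jku": "https://login.example.test/keys"}},
        "http jku": {"sub": "user1", "cnf": {"jku": "http://login.example.test/keys"}},
        "foreign jku": {"sub": "user1", "cnf": {"jku": "https://other.example.test/keys"}},
        "inline jwk": {"sub": "user1", "cnf": {"jwk": {"kty": "RSA", "n": "...", "e": "AQAB"}}},
        "no cnf": {"sub": "user1"},
    }
    for label, payload in samples.items():
        print(label, "->", validate_token(make_unsigned_token(payload)))
```

The policy is deliberately deny-by-default: a jku that is not https, that names a host outside the allowlist, or that smuggles a different host behind userinfo is rejected before any network request is made, which is the opposite of trusting the claim by default.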
Mitigation and Prevention
Addressing CVE-2024-21643 requires a combination of immediate actions and long-term security measures to protect systems from potential exploits.
Immediate Steps to Take
Users are advised to update all instances of Microsoft.IdentityModel to version 7.1.2 or higher for 7.x versions, and version 6.34.0 or higher for 6.x versions. Updating to the patched versions is crucial to mitigate the vulnerability.
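To act on the version guidance above, a defender first needs to find which projects reference an affected build. The script below is an added example for this page, not tooling from the AzureAD project; it encodes the two affected ranges stated in the advisory, compares versions with NuGet/SemVer prerelease ordering (7.0.0-preview sorts before 7.0.0), and audits PackageReference entries in an SDK-style .csproj. The sample project file SAMPLE_CSPROJ is constructed for the example, and the prefix filter Microsoft.IdentityModel follows the advisory's advice to update all Microsoft.IdentityModel packages together.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges of Microsoft.IdentityModel.Protocols.SignedHttpRequest as stated
# in the advisory: (inclusive lower bound or None, exclusive upper bound).
AFFECTED_RANGES = [
    (None, "6.34.0"),
    ("7.0.0-preview", "7.1.2"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.\-]+))?$")


def parse_version(text: str):
    """Parse a NuGet/SemVer version into a sortable tuple.

    Prerelease builds (7.0.0-preview) sort before the matching release (7.0.0);
    within a prerelease label, numeric identifiers sort before alphanumeric ones
    and labels compare case-insensitively, as NuGet does.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    label = m.group(4)
    if label is None:
        pre_key = (1,)  # release: sorts after any prerelease of the same number
    else:
        idents = tuple(
            (0, int(p), "") if p.isdigit() else (1, 0, p.lower())
            for p in label.split(".")
        )
        pre_key = (0, idents)
    return (major, minor, patch, pre_key)


def is_affected(version: str) -> bool:
    """True if the version falls inside any affected range from the advisory."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        above_low = low is None or v >= parse_version(low)
        if above_low and v < parse_version(high):
            return True
    return False


def audit_csproj(csproj_xml: str, package_prefix: str = "Microsoft.IdentityModel"):
    """Return (package, version, affected) for each matching PackageReference.

    Handles SDK-style projects (no XML namespace) where Version is either an
    attribute or a child element. Floating versions such as "7.*" are not
    resolvable offline and raise ValueError from parse_version.
    """
    root = ET.fromstring(csproj_xml)
    findings = []
    for ref in root.iter("PackageReference"):
        name = ref.get("Include") or ref.get("Update") or ""
        version = ref.get("Version") or ref.findtext("Version")
        if name.startswith(package_prefix) and version:
            findings.append((name, version.strip(), is_affected(version)))
    return findings


# Constructed sample project file: one affected reference, one patched, one unrelated.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Microsoft.IdentityModel.Protocols.SignedHttpRequest" Version="7.0.3" />
    <PackageReference Include="Microsoft.IdentityModel.Tokens">
      <Version>6.35.0</Version>
    </PackageReference>
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>
"""

if __name__ == "__main__":
    for name, version, affected in audit_csproj(SAMPLE_CSPROJ):
        status = "AFFECTED, upgrade" if affected else "ok"
        print(f"{name} {version}: {status}")
```

Run it against each .csproj in a repository (for example by globbing for the files and calling audit_csproj on their contents); any row marked affected should be moved to 6.34.0 or 7.1.2 as the advisory directs, and a lock file or transitive dependency listing should be checked the same way, since the package may arrive indirectly.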
Long-Term Security Practices
Implementing secure coding practices, regular security audits, and employee training on identifying and reporting vulnerabilities can help enhance overall security posture and reduce the risk of future exploits.
Patching and Updates
Regularly monitoring for security patches and updates from AzureAD and Microsoft for the affected products is essential. Promptly applying patches and staying informed about security advisories can prevent potential security incidents.