External risk intelligence

Craft CMS Remote Code Execution Advisory.

CVE advisory

Known Exploit

CVE-2024-56145

A vulnerability in Craft CMS could allow remote code execution if the `register_argc_argv` PHP setting is enabled. This could affect systems and data, posing a business risk to organizations using the platform.

4

Halo Surface Signal

Code Injection

Craftcms Craft Cms

  • 3.0.0 to before 3.9.14
  • 4.0.0 to before 4.13.2
  • 5.0.0 to before 5.5.2

External exposure likelihood

Halo Surface Signal score for CVE-2024-56145

Craft CMS is a content management system designed to power public-facing websites. As a web application, it is commonly deployed on internet-accessible web servers, making the underlying application interface and its endpoints reachable from the public internet in standard deployment patterns.

Horizon Alert

Summary of the vulnerability and why it matters

Craft CMS, a platform for building digital experiences, has a vulnerability that could allow for the execution of arbitrary code. This flaw exists when a specific PHP configuration setting, `register_argc_argv`, is enabled. If exploited, this could lead to unauthorized code execution on affected systems.

  • Unspecified remote code execution vector.
  • Remote code execution.
  • Compromised systems and data.

Attack Path

How an attacker could exploit the issue

This vulnerability presents a remote code execution risk for organizations using Craft CMS when specific conditions are met. An attacker could exploit this by triggering a code injection vector. Successful exploitation would allow an attacker to gain control over affected systems, potentially leading to unauthorized access and manipulation of data.

  • The PHP configuration `register_argc_argv` must be enabled.
  • An attacker sends a request to the affected system.
  • Code injection occurs, leading to remote code execution.

Live Threat

Current exploitation, exposure, and threat context

The identified vulnerability in Craft CMS presents a significant risk, enabling remote code execution under specific configuration conditions. This could allow attackers to compromise affected systems and potentially gain control over them. Organizations using Craft CMS should consider this a high-priority issue, especially if their `php.ini` configuration has `register_argc_argv` enabled.

  • Likely attacker skill level: Low
  • Required access or conditions: Network access, `register_argc_argv` enabled
  • Business risk or urgency: Critical, requires immediate attention

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

An organization that uses Craft CMS should take immediate action to address this critical vulnerability, which can lead to remote code execution if specific configuration settings are enabled. The risk is to systems, data, and overall business operations due to potential unauthorized access and control.

  • Find affected Craft CMS assets.
  • Reduce exposure by disabling `register_argc_argv`.
  • Apply vendor fix and validate.
  • Monitor for related issues.
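One way to carry out the first two steps offline, as an added example that is not part of the original advisory or of Craft CMS's own tooling: it reads the `craftcms/cms` version from a `composer.lock` and the `register_argc_argv` line from a `php.ini`, then classifies the install against the version ranges listed in this advisory. The function names, result strings and sample inputs are constructed for illustration, and a Composer-based install is assumed.

```python
import json
import re

# Affected ranges as listed in the advisory: [first affected, first fixed).
AFFECTED = [((3, 0, 0), (3, 9, 14)), ((4, 0, 0), (4, 13, 2)), ((5, 0, 0), (5, 5, 2))]

# Constructed sample inputs (not taken from a real system).
SAMPLE_LOCK = '{"packages": [{"name": "craftcms/cms", "version": "4.13.1"}]}'
SAMPLE_INI = "; register_argc_argv = Off\nregister_argc_argv = On ; legacy CLI scripts\n"

def parse_version(text):
    """'v4.13.1' -> (4, 13, 1). Pre-release suffixes are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def craft_version_from_lock(lock_text):
    """Return the craftcms/cms version recorded in composer.lock, or None."""
    for pkg in json.loads(lock_text).get("packages", []):
        if pkg.get("name") == "craftcms/cms":
            return pkg.get("version")
    return None

def is_affected(version):
    v = parse_version(version)
    return any(low <= v < fixed for low, fixed in AFFECTED)

def register_argc_argv(ini_text):
    """True/False from the last active directive line; None if never set."""
    value = None
    for line in ini_text.splitlines():
        active = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r'register_argc_argv\s*=\s*"?(\w*)"?', active, re.I)
        if m:
            value = m.group(1).lower() in ("1", "on", "true", "yes")
    return value

def assess(lock_text, ini_text):
    """Classify one install from its composer.lock and php.ini contents."""
    version = craft_version_from_lock(lock_text)
    if version is None:
        return "craft-not-found"
    if not is_affected(version):
        return "fixed-version"
    setting = register_argc_argv(ini_text)
    if setting is None:
        return "affected-version, setting not in this ini (check effective value)"
    return "exposed" if setting else "affected-version, mitigated by ini"

if __name__ == "__main__":
    print(assess(SAMPLE_LOCK, SAMPLE_INI))  # exposed
```

Run it against the `php.ini` that the web server's PHP actually loads, since the CLI and web SAPIs can read different files.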

Frequently asked questions

What is Craft CMS and its primary purpose?

Craft CMS is a versatile and user-friendly content management system used for creating custom websites and digital experiences. It enables users to manage and deliver content effectively across various platforms.

What type of vulnerability is CVE-2024-56145 in Craft CMS?

CVE-2024-56145 is identified as a code injection vulnerability (CWE-94) within Craft CMS. This weakness allows for the potential execution of malicious code by an attacker on the server.

What specific PHP configuration is required to trigger the Craft CMS vulnerability?

The Craft CMS vulnerability can be exploited if the `register_argc_argv` setting in the `php.ini` configuration file is enabled for the affected installations.

What is the potential impact of CVE-2024-56145 on affected Craft CMS installations?

If an attacker exploits CVE-2024-56145 on a Craft CMS installation where `register_argc_argv` is enabled, they could achieve remote code execution, potentially leading to system compromise and data breaches. This threat advisory from Halo Surface Signal indicates a 'Likely' risk due to the nature of web applications.

What are the recommended actions for mitigating the Craft CMS vulnerability?

To address this vulnerability, users are advised to update Craft CMS to version 3.9.14, 4.13.2, or 5.5.2. If an immediate upgrade is not possible, disabling the `register_argc_argv` setting in `php.ini` can serve as a mitigation.
