Horizon Alert
Summary of the vulnerability and why it matters
A critical vulnerability has been identified in Mysterium Node software, specifically affecting its configuration endpoint. This flaw allows unauthenticated attackers to take full control of a node, potentially disrupting network services or enabling malicious activities. The primary concern is to determine if this software is in use and exposed to external networks.
- Unauthenticated access can seize node control.
- Critical to confirm software relevance and exposure.
- Assess impact; confirm operational relevance now.
Attack Path
How an attacker could exploit the issue
An attacker can target the Mysterium Node's configuration API over the network. By sending a specially crafted POST request to the `/tequilapi/config/user` endpoint, an unauthenticated attacker can exploit an improper authorization flaw. This allows them to arbitrarily change the node's settings, potentially leading to complete control over the compromised node.
- No authentication required.
- POST request to config user endpoint.
- Full node takeover risk.
Live Threat
Current exploitation, exposure, and threat context
An unauthenticated attacker could gain complete control of a Mysterium Node by sending a specially crafted request to the `/tequilapi/config/user` endpoint. This would allow them to modify the node's configuration settings arbitrarily, leading to a full takeover of the node.
- Node configuration and control.
- Via crafted POST request to API.
- Full node takeover possible.
Operational Fix
Recommended remediation, mitigation, and detection steps
To address this vulnerability, the platform or infrastructure team responsible for managing the Mysterium Node deployments is likely accountable for initiating the remediation process. The first practical step involves identifying all instances of the affected technology, assessing their network exposure and business criticality, and then locating the specific owner for each instance to plan a coordinated response.
- Identify affected node deployments.
- Verify external reachability and criticality.
- Coordinate remediation with node owners.