CVE-2024-0157 in Storage Resource Managerinfo

Summary

by MITRE • 04/12/2024

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 05/22/2024

The vulnerability identified as CVE-2024-0157 affects Dell Storage Resource Manager version 4.9.0.0 and earlier releases, specifically within the SRM Windows Host Agent component. This represents a critical session management flaw that exposes the system to unauthorized access attempts. The vulnerability stems from improper session handling mechanisms that allow an attacker to manipulate session identifiers, potentially leading to full application compromise. The affected component operates within the Windows environment and serves as a crucial interface for storage resource management operations.

This session fixation vulnerability (categorized under CWE-384) occurs when the application fails to properly regenerate session identifiers upon successful authentication. The flaw allows an adjacent network attacker to obtain a valid session token and subsequently reuse it to impersonate authenticated users. The vulnerability is particularly concerning because it does not require authentication to exploit, making it accessible to attackers within the same network segment. The Windows Host Agent component typically handles critical storage management functions, making this vulnerability particularly dangerous as it could enable attackers to gain unauthorized access to storage resources and potentially compromise entire storage infrastructures.

The operational impact of this vulnerability extends beyond simple session hijacking, as it could enable attackers to perform unauthorized operations within the storage management environment. An attacker who successfully exploits this vulnerability could access sensitive storage configurations, manipulate data, or potentially disrupt storage operations. The attack surface is limited to adjacent network access, but in enterprise environments where network segmentation is insufficient, this vulnerability could be leveraged to escalate privileges and move laterally within the infrastructure. The vulnerability affects the integrity and availability of storage management operations, potentially leading to data loss or unauthorized data access.

Mitigation strategies for CVE-2024-0157 should prioritize immediate patching of affected Dell Storage Resource Manager installations to version 4.9.1.0 or later, which contains the necessary fixes for session management. Network segmentation should be implemented to limit adjacent network access to the affected components, reducing the attack surface. Additionally, implementing proper session management controls including automatic session regeneration upon authentication, timeout mechanisms, and secure session identifier generation practices should be enforced. Security monitoring should be enhanced to detect unusual session activity patterns that might indicate exploitation attempts. Organizations should also consider implementing network access controls and intrusion detection systems to identify and prevent unauthorized access attempts to storage management interfaces. The vulnerability demonstrates the importance of proper session management practices as outlined in the OWASP Top Ten and aligns with ATT&CK technique T1563.002 for credential access through session hijacking.

Responsible

Dell

Reservation

12/14/2023

Disclosure

04/12/2024

Moderation

accepted

CPE

ready

EPSS

0.00399

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!