CVE-2024-0157 in Storage Resource Manager
Summary
by MITRE • 04/12/2024
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 05/22/2024
The vulnerability identified as CVE-2024-0157 affects Dell Storage Resource Manager version 4.9.0.0 and earlier releases, specifically within the SRM Windows Host Agent component. This represents a critical session management flaw that exposes the system to unauthorized access attempts. The vulnerability stems from improper session handling mechanisms that allow an attacker to manipulate session identifiers, potentially leading to full application compromise. The affected component operates within the Windows environment and serves as a crucial interface for storage resource management operations.
This session fixation vulnerability (categorized under CWE-384) occurs when the application fails to properly regenerate session identifiers upon successful authentication. The flaw allows an adjacent network attacker to obtain a valid session token and subsequently reuse it to impersonate authenticated users. The vulnerability is particularly concerning because it does not require authentication to exploit, making it accessible to attackers within the same network segment. The Windows Host Agent component typically handles critical storage management functions, making this vulnerability particularly dangerous as it could enable attackers to gain unauthorized access to storage resources and potentially compromise entire storage infrastructures.
The operational impact of this vulnerability extends beyond simple session hijacking, as it could enable attackers to perform unauthorized operations within the storage management environment. An attacker who successfully exploits this vulnerability could access sensitive storage configurations, manipulate data, or potentially disrupt storage operations. The attack surface is limited to adjacent network access, but in enterprise environments where network segmentation is insufficient, this vulnerability could be leveraged to escalate privileges and move laterally within the infrastructure. The vulnerability affects the integrity and availability of storage management operations, potentially leading to data loss or unauthorized data access.
Mitigation strategies for CVE-2024-0157 should prioritize immediate patching of affected Dell Storage Resource Manager installations to version 4.9.1.0 or later, which contains the necessary fixes for session management. Network segmentation should be implemented to limit adjacent network access to the affected components, reducing the attack surface. Additionally, implementing proper session management controls including automatic session regeneration upon authentication, timeout mechanisms, and secure session identifier generation practices should be enforced. Security monitoring should be enhanced to detect unusual session activity patterns that might indicate exploitation attempts. Organizations should also consider implementing network access controls and intrusion detection systems to identify and prevent unauthorized access attempts to storage management interfaces. The vulnerability demonstrates the importance of proper session management practices as outlined in the OWASP Top Ten and aligns with ATT&CK technique T1563.002 for credential access through session hijacking.