CVE-2024-20912 in Audit Vault and Database Firewallinfo

Summary

by MITRE • 01/17/2024

Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 06/04/2025

The vulnerability identified as CVE-2024-20912 affects Oracle Audit Vault and Database Firewall components within versions 20.1 through 20.9. This represents a significant security weakness that resides in the firewall subsystem of Oracle's database security solution. The vulnerability operates within the context of Oracle's comprehensive database protection framework, which is designed to monitor and control database activities while maintaining audit trails for compliance and security purposes. The affected component specifically handles the network traffic filtering and security policy enforcement functions that are critical to database protection environments.

This vulnerability stems from insufficient authorization controls within the Oracle Net communication layer that governs how the firewall component processes network requests. The flaw allows an attacker with high privileges to exploit network access channels and potentially modify database firewall configurations or access sensitive audit data. The vulnerability's classification as easily exploitable indicates that the attack vector requires minimal specialized knowledge or resources to execute successfully. The CVSS 3.1 score of 2.7 reflects the relatively low impact on confidentiality but the moderate impact on integrity, suggesting that while data exposure is limited, the ability to modify firewall rules or audit data could significantly compromise the security posture.

The operational impact of this vulnerability extends beyond simple data modification as it affects the fundamental integrity of the database security infrastructure. An attacker who successfully exploits this vulnerability could potentially disable security controls, modify firewall policies, or manipulate audit records to hide malicious activities. The attack requires network access and high privilege levels, indicating that the threat actor likely has legitimate access to the network but may be attempting to escalate privileges or exploit internal trust relationships. This scenario aligns with common attack patterns in the MITRE ATT&CK framework where adversaries leverage legitimate administrative credentials to compromise systems.

The security implications are particularly concerning given that Oracle Audit Vault and Database Firewall are designed to protect sensitive database environments from unauthorized access and malicious activities. When an attacker can compromise these protective mechanisms, they effectively undermine the entire security architecture that organizations rely upon for database protection. The vulnerability creates a potential pathway for attackers to bypass security controls that are specifically designed to prevent unauthorized database modifications, which represents a fundamental breach in the security model. Organizations using affected versions should immediately implement network segmentation and access controls to limit the potential impact of this vulnerability.

Mitigation strategies should include immediate patching of affected Oracle Audit Vault and Database Firewall components to the latest supported versions that contain the necessary security fixes. Network access controls should be strengthened to limit communication paths to the firewall component and implement additional authentication layers. The principle of least privilege should be enforced more rigorously, ensuring that network access to the firewall components is restricted to only essential administrative personnel. Organizations should also conduct comprehensive security assessments of their database environments to identify any potential unauthorized modifications that may have occurred during the vulnerability window. Regular monitoring and auditing of firewall configurations should be enhanced to detect any anomalous changes that might indicate exploitation attempts, aligning with industry best practices outlined in the CWE catalog for access control vulnerabilities.

Responsible

Oracle

Reservation

12/07/2023

Disclosure

01/17/2024

Moderation

accepted

CPE

ready

EPSS

0.00339

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!