Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-28872
PUBLISHED
More InfoOfficial Page
Assigner-isc
Assigner Org ID-404fd4d2-a609-4245-b543-2c944a302a22
View Known Exploited Vulnerability (KEV) details
Published At-11 Jul, 2024 | 14:49
Updated At-26 Mar, 2025 | 14:40
Rejected At-
▼CVE Numbering Authority (CNA)
Incorrect TLS certificate validation can lead to escalated privileges

The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected. This issue affects Stork versions 0.15.0 through 1.15.0.

Affected Products
Vendor
Internet Systems Consortium, Inc.ISC
Product
Stork
Default Status
unaffected
Versions
Affected
  • From 0.15.0 through 1.15.0 (custom)
Metrics
VersionBase scoreBase severityVector
3.18.9HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
Version: 3.1
Base score: 8.9
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
N/AThe possible impacts are denial of service, loss of confidential information, and integrity loss. If successful, the attacker can cause the Stork agent to shut down; the attacker can also obtain confidential data from Kea or BIND 9, cause those services to terminate, or modify their configurations.
CAPEC ID: N/A
Description: The possible impacts are denial of service, loss of confidential information, and integrity loss. If successful, the attacker can cause the Stork agent to shut down; the attacker can also obtain confidential data from Kea or BIND 9, cause those services to terminate, or modify their configurations.
Solutions

Upgrade to the patched release most closely related to your current version of Stork: 1.15.1.

Configurations
Workarounds

It should be possible to decrease the attack vector by protecting the Stork server and Stork agents with a firewall or similar mechanism.

Exploits

We are not aware of any active exploits.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.isc.org/docs/cve-2024-28872
vendor-advisory
Hyperlink: https://kb.isc.org/docs/cve-2024-28872
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-295CWE-295 Improper Certificate Validation
Type: CWE
CWE ID: CWE-295
Description: CWE-295 Improper Certificate Validation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.isc.org/docs/cve-2024-28872
vendor-advisory
x_transferred
Hyperlink: https://kb.isc.org/docs/cve-2024-28872
Resource:
vendor-advisory
x_transferred
Details not found