Critical AI Tool Vulnerabilities Let Attackers Execute Arbitrary Code

Multiple critical flaws in the infrastructure supporting AI models have been uncovered by researchers, which raise the risk of server takeover, theft of sensitive information, model poisoning, and unauthorized access.

Affected are platforms that are essential for hosting and deploying large language models, including Ray, MLflow, ModelDB, and H20. While some vulnerabilities have been addressed, others have not received a patch.

Researchers discovered a wide range of vulnerabilities in the tools used in the supply chain for building chatbots and other kinds of AI/ML models, according to Protect AI’s November Vulnerability Report.

“Many of these OSS tools, frameworks, and artifacts, come out of the box with vulnerabilities that can lead directly to complete system takeovers such as unauthenticated remote code execution or local file inclusion vulnerabilities”, reads the report.

Details of the Affected Platforms

Large language models (LLM), as well as other ML platforms and AIs, are hosted, deployed, and shared via the impacted platforms.

Document
Free Webinar

Live API Attack Simulation Webinar

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

These consist of the machine learning management platform ModelDB, the machine learning lifecycle platform MLflow, the machine learning platform Ray, which is used for the distributed training of machine learning models, and the open-source Java-based H20 version 3 machine learning platform.

List of Critical Vulnerabilities Patched

  • CVE-2023-6021 with CVSS Score 9.3, Ray Log File Local File Include.
  • CVE-2023-6020 with CVSS Score 9.3 Ray Static File Local File Include.
  • CVE-2023-6019 with CVSS Score of 10, Ray Command Injection in cpu_profile parameter.
  • CVE-2023-1177 with CVSS Score of 9.3, MLflow Local File Include via Model Versions API.
  • CVE-2023-6014 with CVSS Score of 9.1, MLflow Authentication Bypass.
  • CVE-2023-6015 with CVSS Score of 10, MLflow Arbitrary File Upload.

List of Critical Vulnerabilities Unpatched

  • CVE-2023-6013 with CVSS Score of 9.3, H2O Stored XSS/LFI.
  • CVE-2023-6038 with CVSS Score of 9.3, H2O Local File Include.
  • CVE-2023-6016 with CVSS Score of 10, H2O Remote Code Execution via POJO Model Import.
  • CVE-2023-6018 with CVSS score of 10, MLflow Arbitrary File Write.

Recommendation

Users are recommended to “Upgrade to the latest non-vulnerable version” for fixed vulnerabilities. “Restrict access to the web application” for unpatched vulnerabilities. 

Experience how StorageGuard eliminates the security blind spots in your storage systems, try a 14-day free trial.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

1 day ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

3 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

3 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

3 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

3 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

4 days ago