Friday, February 14, 2025
HomeCVE/vulnerabilityRed Hat NetworkManager Flaw Allows Hackers to Gain Root Access

Red Hat NetworkManager Flaw Allows Hackers to Gain Root Access

Published on

SIEM as a Service

Follow Us on Google News

A recently discovered vulnerability in Red Hat’s NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity community because it could allow unauthorized users to gain root access.

This security flaw, publicly disclosed on August 30, 2024, and last modified on September 19, 2024, has been classified as moderately severe and assigned a Common Vulnerability Scoring System (CVSS) score of 6.1.

Vulnerability Details

The flaw is described as an SMB (Server Message Block) force-authentication vulnerability that affects all versions of the Open Policy Agent (OPA) for Windows before version 0.68.0.

The core issue stems from improper input validation within the OPA CLI and its Go library functions.

National Cybersecurity Awareness Month Cyber Challenges – Test your Skills Now

This vulnerability allows an attacker to pass an arbitrary SMB share instead of a Rego file, potentially leading to unauthorized access to sensitive data or resources.

The vulnerability is categorized under CWE-294, which involves authentication bypass by capture-replay.

It exploits the mechanism where a user or application attempts to access a remote share on Windows, forcing the local machine to authenticate to the remote server via NTLM (New Technology LAN Manager).

During this process, the NTLM hash of the local user is sent to the remote server, which attackers can capture and potentially use for further malicious activities such as relay attacks or offline password cracking.

The impact of this vulnerability is considered moderate due to its specific exploitation requirements.

Successful exploitation requires direct access to the OPA CLI or its Go library functions and the ability to influence the arguments passed to these components. Although this limits the attack vector, if exploited, it could lead to unauthorized access or manipulation of data.

According to Red Hat’s report, no straightforward mitigation strategies meet Red Hat’s criteria for ease of use and deployment across a widespread installation base.

However, temporary workarounds include restricting access to the OPA CLI and its functions by implementing strict access controls and ensuring only authorized users can execute commands interacting with SMB shares.

Additionally, validating inputs to ensure only legitimate Rego files are processed can help mitigate risks until a permanent solution is available.

Users are strongly advised to upgrade to OPA version 0.68.0 or later, where this vulnerability has been addressed following responsible disclosure on June 19, 2024.

Organizations should also minimize public exposure of services unless necessary and continuously monitor for suspicious activities that could indicate exploitation attempts.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

New Microsoft Windows GUI 0-Day Vulnerability Actively Exploited in the Wild

A newly discovered vulnerability in Microsoft Windows, identified by ClearSky Cyber Security, is reportedly...

Burp Suite Professional / Community 2025.2 Released With New Built-in AI Integration

PortSwigger has announced the release of Burp Suite Professional and Community Edition 2025.2, introducing...

Arbitrary File Upload Vulnerability in WordPress Plugin Let Attackers Hack 30,000 Website

A subgroup of the Russian state-sponsored hacking group Seashell Blizzard, also known as Sandworm,...

BadPilot Attacking Network Devices to Expand Russian Seashell Blizzard’s Attacks

A newly uncovered cyber campaign, dubbed "BadPilot," has been linked to a subgroup of...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

New Microsoft Windows GUI 0-Day Vulnerability Actively Exploited in the Wild

A newly discovered vulnerability in Microsoft Windows, identified by ClearSky Cyber Security, is reportedly...

Burp Suite Professional / Community 2025.2 Released With New Built-in AI Integration

PortSwigger has announced the release of Burp Suite Professional and Community Edition 2025.2, introducing...

Arbitrary File Upload Vulnerability in WordPress Plugin Let Attackers Hack 30,000 Website

A subgroup of the Russian state-sponsored hacking group Seashell Blizzard, also known as Sandworm,...