

Multiple WordPress Plugins Vulnerabilities
October 30, 2024
Multiple Google Android Vulnerabilities
October 30, 2024
Severity
High
Analysis Summary
A little over three dozen security flaws have been found across several open-source machine learning (ML) and artificial intelligence (AI) models, some of which could result in information theft and remote code execution.
Disclosed by researchers, the vulnerabilities affect programs such as ChuanhuChatGPT, Lunary, and LocalAI. The most serious are the two issues affecting Lunary, a production toolset for large language models (LLMs):
- CVE-2024-7474 (CVSS score: 9.1): An Insecure Direct Object Reference (IDOR) vulnerability that could enable an authenticated user to view or remove external users, potentially leading to data loss and unauthorized access.
- CVE-2024-7475 (CVSS score: 9.1): A flaw in the access control system that enables an attacker to modify the SAML settings, allowing them to log in as an unauthorized user and view private data.
Another IDOR vulnerability (CVE-2024-7473, CVSS score: 7.5) was also found in Lunary, allowing a malicious actor to modify a user-controlled parameter and alter other users' prompts. An attacker logs in as User A and intercepts the request to update a prompt. By changing the request's 'id' parameter to the 'id' of one of User B's prompts, the attacker can change User B's prompt without permission.
The third critical vulnerability is a path traversal weakness (CVE-2024-5982, CVSS score: 9.1) in the user upload function of ChuanhuChatGPT that might lead to arbitrary code execution, directory creation, and the exposure of private information.
Additionally, two security vulnerabilities have been found in LocalAI, an open-source project that lets users run self-hosted LLMs. These could allow malicious actors to guess valid API keys by examining the server's response time (CVE-2024-7010, CVSS score: 7.5) and to execute arbitrary code by uploading a malicious configuration file (CVE-2024-6983, CVSS score: 8.8). The first of these enables a timing attack, a kind of side-channel attack: by timing how long the server takes to process requests made with various keys, the attacker can determine the correct API key one character at a time.
Rounding out the list is a remote code execution vulnerability (CVE-2024-8396, CVSS score: 7.8) in the Deep Java Library (DJL), which results from an arbitrary file overwrite bug in the package's untar function.
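The timing side channel described for CVE-2024-7010 comes from comparisons that stop at the first wrong byte. The following Go sketch is an added example, not LocalAI's code: the function names and the sample key are constructed for illustration, and the returned step count stands in for the response time an observer would measure.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// leakyEqual mimics an early-exit comparison (a hand-written loop or a plain
// string equality check). It also returns how many bytes were examined,
// standing in for the response time an outside observer could measure.
func leakyEqual(supplied, expected string) (bool, int) {
	steps := 0
	if len(supplied) != len(expected) {
		return false, steps
	}
	for i := 0; i < len(expected); i++ {
		steps++
		if supplied[i] != expected[i] {
			return false, steps // stops at the first wrong byte
		}
	}
	return true, steps
}

// constantTimeEqual hashes both values to a fixed 32 bytes and compares the
// digests with crypto/subtle, so the comparison work does not depend on how
// many leading bytes of the guess are correct, or on the key length.
func constantTimeEqual(supplied, expected string) bool {
	a := sha256.Sum256([]byte(supplied))
	b := sha256.Sum256([]byte(expected))
	return subtle.ConstantTimeCompare(a[:], b[:]) == 1
}

func main() {
	const key = "sk-test-0001" // constructed sample key, not a real credential
	for _, guess := range []string{"xx-test-0001", "sk-tXXXXXXXX", key} {
		ok, steps := leakyEqual(guess, key)
		fmt.Printf("%-16q leaky=%v steps=%d constant=%v\n",
			guess, ok, steps, constantTimeEqual(guess, key))
	}
}
```

The step count from `leakyEqual` grows with the length of the correct prefix, which is the signal the attack relies on; `constantTimeEqual` gives the same accept/reject answers without that dependence.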
Impact
- Code Execution
- Sensitive Data Theft
- Unauthorized Access
- Data Loss
Indicators of Compromise
CVE
- CVE-2024-7474
- CVE-2024-7475
- CVE-2024-7473
- CVE-2024-5982
- CVE-2024-7010
- CVE-2024-6983
- CVE-2024-8396
Remediation
- Organizations must test their assets for the vulnerabilities mentioned above and apply the available security patch or mitigation steps as soon as possible.
- Implement multi-factor authentication to add an extra layer of security to login processes.
- Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
- Organizations must stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
- Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
- Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
- Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
- Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
- Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.