CosmicSting (CVE-2024-34102): A Critical E-Commerce Vulnerability Threatening Millions of Online Stores
A newly discovered vulnerability dubbed “CosmicSting” (CVE-2024-34102) has sent shockwaves through the e-commerce world, potentially jeopardizing millions of online stores built on Adobe Commerce and Magento platforms. With nearly three-quarters of affected sites yet to apply the crucial security patch, the risk of widespread attacks looms large.
What is CosmicSting?
CosmicSting is a critical flaw that enables attackers to gain unauthorized access to sensitive files, including those containing passwords. When combined with a recent Linux bug (CVE-2024-2961), the vulnerability can be escalated to remote code execution, granting hackers complete control over the compromised website.
The Severity of the Threat
Security firm Sansec, which analyzed the vulnerability, has described CosmicSting as “the worst bug to hit Magento and Adobe Commerce stores in two years.” The flaw has been assigned a critical CVSS score of 9.8, indicating its high potential for exploitation and the severity of its impact.
Why Should You Care?
If you operate an online store built on Adobe Commerce or Magento, it is imperative to take immediate action. The consequences of a successful CosmicSting attack can be devastating, including:
- Data Breaches: Attackers can steal sensitive customer data, including credit card information, leading to financial losses and reputational damage.
- Website Defacement: Hackers can alter your website’s content, redirecting customers to malicious sites or spreading malware.
- Loss of Revenue: The disruption caused by a cyberattack can lead to significant downtime and loss of sales.
Mitigation Steps
Adobe has released security patches for CVE-2024-34102, and e-commerce platform administrators are strongly urged to apply them as soon as possible. Sansec recommends switching to “Report-Only” mode before upgrading to avoid potential disruptions to checkout functionality.
If upgrading is not feasible immediately, two interim measures can be taken:
- Check your Linux system for the vulnerable glibc library (CVE-2024-2961) and upgrade if necessary.
- Add an emergency fix to ‘app/bootstrap.php’ to block most CosmicSting attacks. Use this fix with caution, however, as its effectiveness and safety cannot be fully guaranteed.
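The first interim measure above is a check that administrators can script. The shell script below is an added example written for this article; it is not code from Adobe, Sansec or the Magento project. It reports the glibc version the system is running and classifies it against CVE-2024-2961. It assumes that the upstream fix shipped in glibc 2.40 (the value in UPSTREAM_FIXED is an assumption to adjust to your vendor's advisory) and, because distributions backport fixes without bumping the version number, it also searches the installed glibc package changelog for the CVE identifier before calling a system "likely-vulnerable". The function names (version_lt, running_glibc_version, changelog_mentions_cve, assess_glibc) are this example's own.

```shell
#!/bin/sh
# Added example, not from the article or from Adobe/Sansec/Magento.
# Reports the running glibc version and looks for the CVE-2024-2961 fix.

CVE_ID="CVE-2024-2961"
UPSTREAM_FIXED="2.40"   # assumption: upstream glibc release carrying the fix

# version_lt A B : succeed when dotted version A sorts strictly before B
# (compares major.minor only, which is enough for glibc release numbers)
version_lt() {
    case "$1" in
        *.*) a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%.*} ;;
        *)   a_major=$1; a_minor=0 ;;
    esac
    case "$2" in
        *.*) b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%.*} ;;
        *)   b_major=$2; b_minor=0 ;;
    esac
    if [ "$a_major" -lt "$b_major" ]; then return 0; fi
    if [ "$a_major" -gt "$b_major" ]; then return 1; fi
    [ "$a_minor" -lt "$b_minor" ]
}

# running_glibc_version : print the version of the glibc this system runs
running_glibc_version() {
    getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}'
}

# changelog_mentions_cve : succeed when the installed glibc package changelog
# names the CVE. This catches distribution backports that keep an older
# version number but already contain the fix.
changelog_mentions_cve() {
    if [ -r /usr/share/doc/libc6/changelog.Debian.gz ]; then
        zcat /usr/share/doc/libc6/changelog.Debian.gz 2>/dev/null | grep -q "$CVE_ID"
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog glibc 2>/dev/null | grep -q "$CVE_ID"
    else
        return 1
    fi
}

# assess_glibc VERSION CHANGELOG_HIT : print "patched" or "likely-vulnerable".
# CHANGELOG_HIT is "yes" when the package changelog names the CVE, else "no".
assess_glibc() {
    version="$1"
    changelog_hit="$2"
    if ! version_lt "$version" "$UPSTREAM_FIXED"; then
        echo "patched"            # at or past the upstream fixed release
    elif [ "$changelog_hit" = "yes" ]; then
        echo "patched"            # older version number, but the fix was backported
    else
        echo "likely-vulnerable"  # no evidence of the fix; confirm with your vendor
    fi
}

ver=$(running_glibc_version)
if [ -n "$ver" ]; then
    if changelog_mentions_cve; then hit=yes; else hit=no; fi
    echo "glibc $ver ($CVE_ID): $(assess_glibc "$ver" "$hit")"
else
    echo "could not determine the glibc version; check with your distribution's advisory"
fi
```

A "likely-vulnerable" result means the script found neither a new enough version nor a changelog entry naming the CVE; treat it as a prompt to consult the distribution's security advisory and upgrade the glibc package, not as proof of exposure, since some vendors record backported fixes outside the package changelog.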
The Bottom Line
CosmicSting poses a significant threat to the e-commerce ecosystem, and prompt action is crucial to protect online stores and their customers. Given the severity of the vulnerability and the potential for widespread attacks, it is essential for website administrators to prioritize applying the necessary security patches and taking additional mitigation measures.