A critical vulnerability has been uncovered in TrueNAS CORE, the popular open-source network-attached storage (NAS) operating system. Tracked as CVE-2024-11944 and assigned a CVSS score of 7.5, this security flaw could allow malicious actors to remotely execute code on vulnerable TrueNAS devices without authentication.
The flaw resides in the tarfile.extractall method used in file operations. Specifically, the issue stems from inadequate validation of user-supplied paths. By exploiting this vulnerability, attackers can craft a malicious archive that, when processed, allows them to traverse the file system and write files to unintended locations. This can be leveraged to execute arbitrary code with root-level privileges.
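The kind of path validation whose absence makes `tarfile.extractall` dangerous, shown as an added example (it is not TrueNAS code and not from the original article). The function names `unsafe_reason`, `safe_extract` and `build_sample` and the sample archive are constructed for illustration, and the policy is deliberately strict: it rejects every link member instead of trying to resolve it.

```python
import io
import os
import tarfile


def unsafe_reason(member, dest):
    """Return why a tar member must not be extracted under dest, or None if it is safe."""
    parts = member.name.replace("\\", "/").split("/")
    if member.name.startswith("/") or ".." in parts:
        return "absolute path or '..' component"
    if member.issym() or member.islnk():
        # Links can redirect later members outside dest; a strict policy refuses them.
        return "link member"
    if not (member.isfile() or member.isdir()):
        return "special file (device or FIFO)"
    # Catch symlinks that already exist on disk inside the destination tree.
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, member.name))
    if os.path.commonpath([root, target]) != root:
        return "resolves outside destination"
    return None


def safe_extract(fileobj, dest):
    """Extract only if every member passes; return a list of (name, reason) rejections."""
    with tarfile.open(fileobj=fileobj) as tar:
        members = tar.getmembers()
        rejected = [(m.name, r) for m in members if (r := unsafe_reason(m, dest))]
        if not rejected:  # all-or-nothing: one bad member rejects the whole archive
            tar.extractall(dest, members=members)
        return rejected


def build_sample(entries):
    """Build a constructed in-memory archive from (name, bytes) pairs for testing."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

On Python 3.12 and later, `extractall(dest, filter="data")` applies comparable checks from the standard library and is the preferred option where available.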
Since the attack does not require prior authentication, network-adjacent attackers—those on the same network or able to access the device—can exploit the vulnerability. Once exploited, the attacker could potentially gain full control of the affected NAS, leading to severe consequences such as:
- Data Exfiltration: Unauthorized access to sensitive stored files.
- Device Compromise: Installation of backdoors or other malicious software.
- Service Disruption: Corruption or deletion of critical system files.
This vulnerability was identified by Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7, a renowned security research team.
The CVE-2024-11944 vulnerability has been addressed in TrueNAS CORE 13.0-U6.3, and users are strongly urged to update their installations immediately to protect against potential exploitation.