CVE-2024-6922: SSRF Flaw Found in Automation Anywhere, 3,500+ Servers Exposed

by do son · July 28, 2024

CVE-2024-6922 - Automation 360 vulnerability

A vulnerability, identified as CVE-2024-6922, has been discovered in Automation Anywhere Automation 360, a widely used robotic process automation (RPA) platform. The vulnerability, unauthenticated Server-Side Request Forgery (SSRF), could allow attackers to exploit internal network services and potentially gain unauthorized access to sensitive data.

Unauthenticated Access Opens Door to Internal Network Exploitation

The vulnerability affects versions 21 to 32 of the Automation 360 software and stems from a flaw in the platform’s Control Room server. An attacker with unauthenticated access to the server could manipulate it into making arbitrary requests on their behalf, potentially leading to the exploitation of internal systems and services not typically exposed to the public internet.

Broad Impact Across Private and Public Sectors

Automation Anywhere Automation 360 is a prominent RPA solution employed by numerous businesses and government agencies for workflow automation and task orchestration. Given the platform’s extensive use, the vulnerability could have far-reaching consequences for organizations across various sectors.

Research Reveals Thousands of Vulnerable Servers Exposed

Security research conducted by Ryan Emmons, Lead Security Researcher at Rapid7, uncovered approximately 3,500 Control Room servers publicly accessible on the internet, highlighting the widespread exposure to potential attacks.

Mitigation Requires Urgent Upgrade

Automation Anywhere has confirmed the CVE-2024-6922 vulnerability and has reportedly addressed the issue in version 33 of the product. Organizations using affected versions of Automation 360 are strongly advised to upgrade to the latest version immediately to mitigate the risk of exploitation.

Exploitation Potential Demonstrated

Rapid7’s blog post details the technical aspects of the vulnerability and provides a proof-of-concept demonstrating how an attacker could leverage the SSRF flaw to target internal services and gain access to sensitive information.

Organizations Urged to Act Swiftly

The critical nature of this vulnerability, coupled with the widespread use of Automation Anywhere Automation 360, underscores the urgency for organizations to patch their systems promptly. Failure to do so could leave them susceptible to unauthorized access, data breaches, and potential disruption of critical business processes.