About the Vulnerability
Introduction
Craft CMS is a popular content management system (CMS) that focuses on providing flexible tools for designers and developers to create beautiful websites and digital experiences.
Summary
On December 23, 2024, Sangfor FarSight Labs received notification of a remote code execution vulnerability in Craft CMS (CVE-2024-56145), rated critical.
Craft CMS contains a remote code execution vulnerability. If the register_argc_argv directive is enabled in the php.ini used by an affected Craft CMS installation, an unauthenticated attacker can exploit it to execute arbitrary code and compromise the server. Both conditions must hold: an affected version and the directive enabled for the web SAPI serving the site.
Affected Versions
5.0.0-RC1 ≤ Craft CMS < 5.5.2
4.0.0-RC1 ≤ Craft CMS < 4.13.2
3.0.0 ≤ Craft CMS < 3.9.14
Solutions
Temporary Solution
If business operations permit, disable the directive by setting register_argc_argv = Off in the php.ini loaded by the web SAPI (PHP-FPM or mod_php) and reload PHP. The directive is PHP_INI_PERDIR, so it cannot be turned off with ini_set() at runtime, and PHP's built-in default is On when the directive is absent from php.ini (only the shipped php.ini-production and php.ini-development templates set it Off). Confirm the effective value from a web request, not from the command line, because the CLI SAPI always forces register_argc_argv on regardless of php.ini. This is a mitigation only; the fix is to upgrade.
Official Solution
Secure versions:
Craft CMS 3.9.14
Craft CMS 4.13.2
Craft CMS 5.5.2
Fixed releases have been published for each supported branch. Affected users are recommended to update Craft CMS to the secure version for their branch or any later release.
Download link (the 5.5.7 release tag, a later release that also contains the fix): https://github.com/craftcms/cms/releases/tag/5.5.7
Link for business version: https://craftcms.com/pricing
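The two conditions above (an affected version and register_argc_argv enabled) are what an operator needs to check across a fleet. The following script is an added example, not code from the Sangfor advisory or from Craft CMS. It assumes the php.ini text you feed it is the one loaded by the web SAPI (not the CLI, which forces the directive on), that the Craft CMS version string comes from `composer show craftcms/cms` or composer.lock, and that prerelease tags order alpha < beta < RC < final release; the range boundaries are the ones listed on this page. The sample php.ini fragments are constructed for the demonstration.

```python
"""Assessment helper for CVE-2024-56145 (Craft CMS RCE when register_argc_argv is on).

Added example; not part of the Sangfor advisory or of Craft CMS. It evaluates the
two conditions the advisory names: an affected Craft CMS version and the
register_argc_argv directive being enabled in the php.ini used by the web SAPI.
"""
import re

# Affected ranges as listed in the advisory: [lower, upper), lower bound may be an RC.
AFFECTED_RANGES = [
    ("5.0.0-RC1", "5.5.2"),
    ("4.0.0-RC1", "4.13.2"),
    ("3.0.0", "3.9.14"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)\.?(\d+)?)?$")
# Assumed prerelease ordering: alpha < beta < RC < final release.
_PRE_ORDER = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL = 3


def parse_version(version: str) -> tuple:
    """Turn '5.0.0-RC1' into a sortable tuple (5, 0, 0, 2, 1); '5.5.2' -> (5, 5, 2, 3, 0)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, tag, tag_num = m.groups()
    if tag is None:
        pre = (_FINAL, 0)  # a final release sorts above any prerelease of the same number
    else:
        pre = (_PRE_ORDER.get(tag.lower(), 0), int(tag_num or 0))
    return (int(major), int(minor), int(patch)) + pre


def craft_version_affected(version: str) -> bool:
    """True when the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED_RANGES)


_TRUE_WORDS = {"1", "on", "true", "yes"}


def _ini_value_enabled(raw: str) -> bool:
    # PHP reads 1/On/True/Yes as enabled; 0/Off/False/No/None/empty as disabled.
    return raw.strip().strip('"').lower() in _TRUE_WORDS


def register_argc_argv_enabled(ini_text: str) -> bool:
    """Effective register_argc_argv value from php.ini text.

    The built-in default when the directive is absent is enabled ("1"), so a
    missing line is NOT a safe state. ';' starts a comment; the last assignment wins.
    """
    enabled = True  # PHP's built-in default when the directive is not set
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() == "register_argc_argv":
            enabled = _ini_value_enabled(value)
    return enabled


def assess(version: str, ini_text: str) -> str:
    """Combine both conditions into a verdict for one installation."""
    affected = craft_version_affected(version)
    if affected and register_argc_argv_enabled(ini_text):
        return "vulnerable"
    if affected:
        return "mitigated-update-required"  # directive Off blocks the known path; still patch
    return "not-affected"


# Constructed sample php.ini fragments (not taken from any real server).
SAMPLE_INI_ENABLED = """
; constructed sample: a later duplicate assignment overrides the earlier one
register_argc_argv = Off
register_argc_argv = On   ; this value wins
"""
SAMPLE_INI_DISABLED = "register_argc_argv = Off\n"
SAMPLE_INI_ABSENT = "; constructed sample with no register_argc_argv line\nmemory_limit = 128M\n"

if __name__ == "__main__":
    for ver in ("5.5.1", "5.5.2", "4.13.1", "3.9.13", "5.0.0-RC1", "5.0.0-beta.1"):
        print(ver, assess(ver, SAMPLE_INI_ENABLED), assess(ver, SAMPLE_INI_DISABLED))
```

Run it against each host's php.ini and Craft version; a result of "mitigated-update-required" means the temporary workaround is in place but the installation still needs the fixed release.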
Sangfor Solutions
Vulnerability Proactive Detection
Proactive detection of the Craft CMS Remote Code Execution Vulnerability (CVE-2024-56145) is supported; it can quickly identify, in batch, which business assets are exposed. Related products are as follows:
[Sangfor Cyber Guardian MDR] is expected to release a detection scheme on December 30, 2024, with Rule ID: SF-2024-01350.
[Sangfor Omni-Command XDR] is expected to release a detection scheme on December 25, 2024, with Rule ID: SF-2024-01349.
Vulnerability Security Detection
Monitoring of the Craft CMS Remote Code Execution Vulnerability (CVE-2024-56145) is supported; it monitors affected assets in real time based on traffic collection and quickly establishes the scope of impact. Related products and services are as follows:
[Sangfor Cyber Command] is expected to release a monitoring scheme on January 7, 2025, with Rule ID: 11027859.
[Sangfor Cyber Guardian MDR] is expected to release a monitoring scheme (requiring Cyber Command component capabilities) on January 7, 2025, with Rule ID: 11027859.
[Sangfor Omni-Command XDR] is expected to release a monitoring scheme on January 7, 2025, with Rule ID: 11027859.
Security Protection
Defense against the Craft CMS Remote Code Execution Vulnerability (CVE-2024-56145) is supported; it blocks attacker intrusion attempts targeting this vulnerability. Related products and services are as follows:
[Sangfor Network Secure] is expected to release a protection scheme on January 7, 2025, with Rule ID: 11027859.
[Sangfor WAF] is expected to release a protection scheme on January 7, 2025, with Rule ID: 11027859.
[Sangfor Cyber Guardian MDR] is expected to release a protection scheme (requiring Network Secure component capabilities) on January 7, 2025, with Rule ID: 11027859.
[Sangfor Omni-Command XDR] is expected to release a protection scheme (requiring Network Secure component capabilities) on January 7, 2025, with Rule ID: 11027859.
Timeline
On December 23, 2024, Sangfor FarSight Labs received notification of the Craft CMS Remote Code Execution Vulnerability.
On December 23, 2024, Sangfor FarSight Labs released a vulnerability alert.
References
https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9