A critical security issue, identified as CVE-2024-0394, has been disclosed, affecting Rapid7 Minerva Armor, a product designed to protect against malware, ransomware, and advanced cyber attacks. This vulnerability, known as a privilege escalation issue, allows users with lower-level access to gain higher-level privileges, potentially leading to unauthorized actions or data breaches.

The vulnerability is rooted in how Minerva Armor uses the OpenSSL library, a crucial tool for secure communications and cryptographic functions. Specifically, the issue arises from the way Minerva Armor configures the OPENSSLDIR parameter, which points to the location of the OpenSSL configuration file (openssl.cnf). This parameter was mistakenly set to a path that could be accessed by users with limited privileges, such as C:\git\vcpkg\packages\openssl_x86-windows-static-vs2019-static\openssl.cnf.

An attacker could exploit this vulnerability by creating a malicious openssl.cnf file that directs the OpenSSL library to load a harmful engine library. This engine library could then execute arbitrary code with SYSTEM privileges when the Minerva Armor service starts. Essentially, any authenticated user could potentially execute harmful actions on the system.

Rapid7 has addressed this vulnerability by releasing a fix in version 4.5.5 of Minerva Armor. Users are strongly advised to update to this version to mitigate the risk. The vulnerability was disclosed by Will Dormann of Vul Labs, who was acknowledged by Rapid7 for their contribution to enhancing security.

https://www.rapid7.com/blog/post/2024/04/03/cve-2024-0394-rapid7-minerva-armor-privilege-escalation-fixed/

#cybersecurity #rapid7 #vulnerability #minerva_armor #privilegeescalation #openssl #cve #malware #ransomware #vul_labs #willdormann

CVE-2024-0394: Rapid7 Minerva Armor Privilege Escalation (FIXED) | Rapid7 Blog
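
For defenders checking other Windows software for the same misconfiguration, the sketch below is an added example, not part of the post above and not Rapid7's code. It extracts the OPENSSLDIR value that OpenSSL compiles into a binary and flags any location outside the directory trees assumed here to be admin-only. The protected roots, function names and sample byte strings are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Assumption of this example: only these trees are admin-only by default.
# Real ACLs on the host are authoritative and should still be checked.
PROTECTED_ROOTS = [
    PureWindowsPath(r"C:\Windows"),
    PureWindowsPath(r"C:\Program Files"),
    PureWindowsPath(r"C:\Program Files (x86)"),
]

# OpenSSL embeds its build-time config directory as: OPENSSLDIR: "<path>"
OPENSSLDIR_RE = re.compile(rb'OPENSSLDIR: "([^"\x00]{1,260})"')


def embedded_openssldirs(blob: bytes) -> list[str]:
    """Return every OPENSSLDIR value compiled into a binary image."""
    return [m.decode("ascii", "replace") for m in OPENSSLDIR_RE.findall(blob)]


def is_protected(path: str) -> bool:
    """True only for an absolute path strictly inside a protected root."""
    p = PureWindowsPath(path)
    # No drive letter (e.g. /usr/local/ssl) or ".." segments: cannot be trusted.
    if not p.is_absolute() or ".." in p.parts:
        return False
    return any(root in p.parents for root in PROTECTED_ROOTS)


def audit(name: str, blob: bytes) -> list[dict]:
    """Report each embedded OPENSSLDIR and whether it needs an ACL review."""
    return [
        {
            "file": name,
            "config": str(PureWindowsPath(d) / "openssl.cnf"),
            "needs_review": not is_protected(d),
        }
        for d in embedded_openssldirs(blob)
    ]


# Constructed sample images (not real binaries); the first uses the page's path.
VULN_SAMPLE = b'MZ\x90\x00OPENSSLDIR: "C:\\git\\vcpkg\\packages\\openssl_x86-windows-static-vs2019-static"\x00'
SAFE_SAMPLE = b'MZ\x90\x00OPENSSLDIR: "C:\\Program Files\\Common Files\\SSL"\x00'

if __name__ == "__main__":
    for name, blob in (("sample_a.exe", VULN_SAMPLE), ("sample_b.exe", SAFE_SAMPLE)):
        for finding in audit(name, blob):
            print(finding)
```

A flagged result means the directory's ACLs on the host should be reviewed; it does not by itself prove the path is writable by standard users.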

Microsoft Patch Tuesday, December 2022 Edition – Krebs on Security

Microsoft Patch Tuesday, December 2022 Edition - Microsoft has released its final monthly batch of security updates for 2022, fixin... https://krebsonsecurity.com/2022/12/microsoft-patch-tuesday-december-2022-edition/ #microsoftpatchtuesdaydecember2022 #trendmicroszerodayinitiative #latestwarnings #cve-2022-41076 #cve-2022-44698 #cve-2022-44710 #cve-2022-44713 #securitytools #applezero-day #immersivelabs #timetopatch #gregwiseman #willdormann #kevinbreen #powershell #windows #rapid7

When Your Smart ID Card Reader Comes With Malware – Krebs on Security

When Your Smart ID Card Reader Comes With Malware - Millions of U.S. government employees and contractors have been issued a secure sm... https://krebsonsecurity.com/2022/05/when-your-smart-id-card-reader-comes-with-malware/ #u.s.generalservicesadministration #alittlesunshine #michaeldanberry #militarycac.com #thecomingstorm #willdormann #daviddixon #cacreader #cert/cc #saicoo

Cryptic Rumblings Ahead of First 2020 Patch Tuesday - Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday ... more: https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/ #patchtuesdayjanuary2020 #certcoordinationcenter #nationalsecurityagency #microsoftcryptoapi #anneneuberger #timetopatch #crypt32.dll #willdormann #microsoft #cert-cc #windows #nsa
Cryptic Rumblings Ahead of First 2020 Patch Tuesday — Krebs on Security