Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has a CVSS score of 9.8.
The report said, for the poor design of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards, the published flaw helps the unauthenticated external command execution exploit through structured attack input.
GeoServer RCE Vulnerability:
Various threat actor took the advantages of this flaw to propagate malware in different countries and regions. GOREVERSE, a reverse proxy tool, and SideWalk, a Linux backdoor developed by APT41 are some of Malware. In addition, the malware used ChaCha20 and XOR encryption for traffic hiding and C2 communications. If hacker deploy Fast Reverse Proxy (FRP) tool it masks malicious data with legitimate traffic making.
According to the report , crypto miners connected to pools like SupportXMR and used scripts to uninstall cloud monitor agent applications and other means to deactivate security features which could harm to the affected organizations.
To counter this critical vulnerability, the original XPath expression evaluator was replaced by the “JXPathUtils.newSafeContext” function, which is considered safe.
Users are advised to take additional precautions to ensure the software to updated and patched, ensuring that there are surveillance tools in place for threats, and also making sure that access is very limited. However, all these steps are crucial in mitigating risks associated with potential exploits.
In effect, such concerns can be resolved by users before the GeoServer environments are deployed for use, consequently shielding the geospatial data infrastructure from compromise and threats as well as the functionality of that infrastructure as an open source one.
GeoServer is an open-source server for sharing geospatial data, and this open-source software server is written in Java.
It publishes data from any major spatial data source using open standards. GeoServer is designed for teamwork and allows users to share, process, and edit geospatial data.